Research Article

A Study of SQL of Injections Techniques and their Prevention Methods

by Yash Tiwari, Mallika Tiwari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 114 - Number 17
Year of Publication: 2015
DOI: 10.5120/20072-2007

Yash Tiwari, Mallika Tiwari. A Study of SQL of Injections Techniques and their Prevention Methods. International Journal of Computer Applications. 114, 17 (March 2015), 31-33. DOI=10.5120/20072-2007

@article{ 10.5120/20072-2007,
author = { Yash Tiwari, Mallika Tiwari },
title = { A Study of SQL of Injections Techniques and their Prevention Methods },
journal = { International Journal of Computer Applications },
issue_date = { March 2015 },
volume = { 114 },
number = { 17 },
month = { March },
year = { 2015 },
issn = { 0975-8887 },
pages = { 31-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume114/number17/20072-2007/ },
doi = { 10.5120/20072-2007 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:53:03.582586+05:30
%A Yash Tiwari
%A Mallika Tiwari
%T A Study of SQL of Injections Techniques and their Prevention Methods
%J International Journal of Computer Applications
%@ 0975-8887
%V 114
%N 17
%P 31-33
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The rapid evolution of technology and the growing need to store and secure data have given rise both to techniques for protecting that data and to new malicious techniques that can seriously harm an organization by wrecking its database and manipulating its data. In this paper we present various techniques used by such attackers, called SQL injections, and their prevention methods. These attacks target web applications that use databases and are injected through input fields meant for taking information such as a username or password. The injected code combines with the SQL code already present to form a query that serves the attacker's purposes if the application is vulnerable to such attacks.

Index Terms

Computer Science
Information Sciences

Keywords

SQL injection, data security, inference, tautology