Research Article

An Automatic Detection System for SQL Injection

by Divya Jain, Naveen Choudhary
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 126 - Number 11
Year of Publication: 2015
10.5120/ijca2015906218

Divya Jain, Naveen Choudhary. An Automatic Detection System for SQL Injection. International Journal of Computer Applications. 126, 11 (September 2015), 16-21. DOI=10.5120/ijca2015906218

@article{ 10.5120/ijca2015906218,
author = { Divya Jain, Naveen Choudhary },
title = { An Automatic Detection System for SQL Injection },
journal = { International Journal of Computer Applications },
issue_date = { September 2015 },
volume = { 126 },
number = { 11 },
month = { September },
year = { 2015 },
issn = { 0975-8887 },
pages = { 16-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume126/number11/22596-2015906218/ },
doi = { 10.5120/ijca2015906218 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

The internet grows day by day, and most of its content is database driven. In many web applications, such as e-commerce and banking, users have to trust the application and enter personal information into its underlying database. Without confidentiality and security of that information, anyone can steal or view it, or use it for malicious activity. One such threat is SQL injection: an attacker inserts malicious SQL code into another party's database, and running those queries can extract private and valuable information or destroy the database. This paper proposes a technique to detect SQL injection using hidden web crawling combined with a parse tree and a digital signature. The proposed scheme finds SQL injection vulnerabilities by replicating web attacks and analyzing the response data. The proposed technique is compared with the hidden web crawling technique to analyze its effectiveness. For experimental evaluation, the system is implemented in Eclipse with a MySQL database to analyze the results.

Index Terms

Computer Science
Information Sciences

Keywords

SQL injection, Hidden web crawling, Parse tree, Digital signature