The week's pick
Reseach Article
SQLI-Dagger, a Multilevel Template based Algorithm to Detect and Prevent SQL Injection
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 143 - Number 6 |
| Year of Publication: 2016 |
| Authors: Teresa K. George, Rekha James |
10.5120/ijca2016910232
|
Teresa K. George, Rekha James . SQLI-Dagger, a Multilevel Template based Algorithm to Detect and Prevent SQL Injection. International Journal of Computer Applications. 143, 6 ( Jun 2016), 46-50. DOI=10.5120/ijca2016910232
Abstract
SQL injection attacks are often found within the dynamic pages of a web application that exploit the security vulnerability of the database layers of an application. In this attack category a specifically crafted SQL command is entered in the form field of a web application instead of the expected information. SQL injection takes advantages of the design flaws in poorly designed web applications to poison SQL statements and bypass the normal methods of accessing the database content .In these types of Injection attempt the database server execute undesirable SQL Code to steal, manipulate or delete the content of a database. The proposed algorithm is implemented on an application which is placed on a proxy server kept between the Database server and a web server. It is working on multi-level template based approach, which is a model based approach to detect the illegal queries before they are executed on the database server. With the support of the query evaluation engine it can detect and block the injected query. Only the benign query is allowed to get the access to the back end database server. An alert message is generated if there is an Injection.
References
- Su, Zhendong, and Gary Wassermann. "The essence of command injection attacks in web applications." ACM SIGPLAN Notices. Vol. 41. No. 1. ACM, 2006.
- Junjin, Mei. "An approach for SQL injection vulnerability detection."Information Technology: New Generations,2009. ITNG'09. Sixth International Conference on. IEEE, 2009.
- Dharam, Ramya, and Sajjan G. Shiva. "Runtime monitoring technique to handle tautology based SQL injection attacks." International Journal of Cyber-Security and Digital Forensics (IJCSDF) 1.3 (2012): 189-203.
- Ruse, Michelle, Tanmoy Sarkar, and Samik Basu."Analysis & detection of SQL injection Vulnerabilities via automatic test case generation of programs." Applications and the Internet
- Kindy, Diallo Abdoulaye, and Al-Sakib Khan Pathan. "A detailed survey on various aspects of sql injection in web applications: Vulnerabilities, innovative attacks, and remedies." arXiv preprint arXiv:1203.3324 (2012).
- Chapela, Victor. "Advanced SQL njection." OWASP Foundation, Apr (2005).
- Kemalis, Konstantinos, and Theodores Tzouramanis. "SQL-IDS: a specification-based approach for SQL- injection detection." Proceedings of the 2008 ACM symposium on Applied computing. ACM, 2008.
- Kosuga, Yuji, et al. "Sania: Syntactic and semantic analysis for automated testing against sql injection." Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual. IEEE, 2007.
- Buehrer, Gregory, Bruce W. Weide, and Paolo AG Sivilotti. "Using parse tree validation to prevent SQL injection attacks." Proceedings of the 5thinternational workshop on Software engineering and middleware. ACM, 2005.
- Valeur, Fredrik, Darren Mutz, and Giovanni Vigna. "A learning-based approach to the detection of SQL attacks." Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2005.123-140.
Index Terms
Keywords