Model Query, Tokenization and Character Matching: A Combined Approach to Prevent SQLIA

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Authors:
Sudhakar Choudhary, Arvind Kumar Jain, Anil Kumar
DOI: 10.5120/ijca2017913357

Sudhakar Choudhary, Arvind Kumar Jain and Anil Kumar. Model Query, Tokenization and Character Matching: A Combined Approach to Prevent SQLIA. International Journal of Computer Applications 162(9):13-18, March 2017.

BibTeX

@article{10.5120/ijca2017913357,
	author = {Sudhakar Choudhary and Arvind Kumar Jain and Anil Kumar},
	title = {Model Query, Tokenization and Character Matching: A Combined Approach to Prevent SQLIA},
	journal = {International Journal of Computer Applications},
	issue_date = {March 2017},
	volume = {162},
	number = {9},
	month = {Mar},
	year = {2017},
	issn = {0975-8887},
	pages = {13-18},
	numpages = {6},
	url = {http://www.ijcaonline.org/archives/volume162/number9/27270-2017913357},
	doi = {10.5120/ijca2017913357},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

With the rise of the Internet, the use of web applications, such as online banking and web-based email, and of web services as an instant means of information dissemination and various other transactions has made them a key component of today’s Internet infrastructure. Web-based systems consist of both infrastructure components and application-specific code. However, there are many reports of intrusions by external hackers that compromised the back-end database system. SQL injection attacks are a class of attacks to which many of these systems are highly vulnerable.

Keywords

SQL Injection Attack, SQLIA Prevention, Tokenization, Character List.