CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies

by Nana Yaw Asabere, Wisdom Kwawu Torgby
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 71 - Number 11
Year of Publication: 2013
Authors: Nana Yaw Asabere, Wisdom Kwawu Torgby
10.5120/12404-8908

Nana Yaw Asabere, Wisdom Kwawu Torgby . Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies. International Journal of Computer Applications. 71, 11 ( June 2013), 29-39. DOI=10.5120/12404-8908

@article{ 10.5120/12404-8908,
author = { Nana Yaw Asabere, Wisdom Kwawu Torgby },
title = { Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies },
journal = { International Journal of Computer Applications },
issue_date = { June 2013 },
volume = { 71 },
number = { 11 },
month = { June },
year = { 2013 },
issn = { 0975-8887 },
pages = { 29-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume71/number11/12404-8908/ },
doi = { 10.5120/12404-8908 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:35:18.290788+05:30
%A Nana Yaw Asabere
%A Wisdom Kwawu Torgby
%T Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies
%J International Journal of Computer Applications
%@ 0975-8887
%V 71
%N 11
%P 29-39
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper investigates and reports on web application vulnerabilities with a specific focus on Structured Query Language Injection (SQLI) attacks and measures and how to counter such threats. SQLI attacks cause very serious dangers to web applications, they make it possible for attackers to get unhindered access to the primary source of data which is in the database and possibly the very sensitive information that the database contains. Even though practitioners and researchers in the web application security field have proposed a range of techniques to get to the bottom of the SQLI attack challenge, presently adopted approaches have either resolved the problem to some extent or have inadequacies that prevent their use and adoption. To help address this challenge, this paper presents a broad review of SQL injection attacks. An appraisal of current detection and prevention techniques against SQL injection attacks are also presented. Furthermore, a vulnerability assessment was conducted on the Centre for Computational Intelligence (CCI) Website as a case study. A snippet code that can be used to redesign the CCI website as a protective measure to counter threats of SQLI was proposed. An examination of this paper indicates that current solutions being promoted may not address the problem, and that web application firewalls provides the answer to SQLI attacks.

References
  1. A. K. Singh and S. Roy, "A Network Based Vulnerability Scanner for Detecting SQLI Attacks in Web Applications," in Proceedings of the IEEE International Conference on Recent Advances in Information Technology, pp. 585-590, 15-17 March, 2012.
  2. A. Avancini and M. Ceccato, "Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities," in Proceedings of the 11th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 85-94, 25-25 Sept. 2011.
  3. N. Teodoro and C. Serrao, "Web Application Security: Improving Critical Web-based Applications Quality Through In-depth Security Analysis," in Proceedings of the IEEE International Conference on Information Society (i-Society), pp. 457-462, 27-29, June, 2011.
  4. H. Tian, J. Xu, K. Lian and Y. Ying, "Research on Strong-Association Rule Based Web Application Vulnerability Detection," in Proceedings of the 2nd IEEE International Conference on Computer Science and Information Technology, (ICCSIT), pp. 237-241, 2009.
  5. T. Sccolte, W. Robertson. D. Balzarotti and E. Kirda, "Preventing Input Validation Vulnerabilities in Web Analysis Applications Through Automated Type Analysis," in Proceedings of the 36th IEEE Annual Computer Software and Applications Conference (COMPSAC), pp. 233-243, 16-20 July, 2012.
  6. W. G. J. Halfond, J. Viegas, and A. Orso, "A Classification of SQL Injection Attacks and Countermeasures", in IEEE Proceedings, 2006, Available [Online] http://www. cc. gatech. edu/fac/Alex. Orso/papers/halfond. viegas. orso. ISSSE06. pdf (Accessed 29/04/2013).
  7. A. Ciampa, C. A. Visaggio and M. D. Penta, " A Heuristic-based Approach for Detecting SQL-Injection Vulnerabilities in Web Applications," in ACM Proceedings of the ICSE Workshop on Software Engineering for Secure Systems, pp. 43-49, 2010.
  8. J. Scambray, M. Shema and C. Sima, "Hacking Web Applications Exposed - 2nd ed. San Francisco", McGraw-Hill, 2006.
  9. M. Curphey, D. Endler, W. Hau, S. Taylor, T. Smith, A. Russel, G. Mckenna, R. Parke, K. Mclaughlin, N. Tranter, A. Klein, D. Grooves, I. By-Gad, S. Huseby, M. Eizner, M. Hill and R. McNamara", A Guide to Building Secure Web Applications: The Open Web Application Security Project, 2002 Available [Online] http://www. rootsecure. net/content/downloads/pdf/owasp_guide. pdf (Accessed 09/05/2013).
  10. M. Dermann, M. Dziadzka, B. Hemkemeier, A. Hoffmann, A. Miesel, M. Rohr and T. Schreiber, "Best Practices: Use of Web Application Firewalls", The Open Web Security Application Project, OWASP Papers Program, 2008, Available [Online] http://www. owasp. org/images/a/a6/Best_Practices_Guide_WAF_v104. en. pdf (Accessed 07/05/2013).
  11. Planning Report 02-03 - The Economic Impacts of Inadequate Infrastructures for Software Testing", National Institute of Standards & Technology, US Department of Commerce, 2002, Available [Online] http://www. nist. gov/director/planning/upload/report02-3. pdf (Accessed 05/05/2013).
  12. J. D. Meier, A. Mackman, M. Dunner, S. Vasireddy, R. Escamilla and A. Murukan, "Improving Web Application Security: Threats and Countermeasures," Microsoft Corporation, 2003.
  13. K. Tyminski, "The Business Case for Web Application Firewalls," 2008, Available [Online] www. scanarmor. dk/UserFiles/File/WP_BusinessCaseForWAF_FINAL_092408. pdf (Accessed 05/05/2013).
  14. R. Barnet, "Why Organizations Need Web Application Firewalls," 2007, Available [Online] www. scanarmor. dk/UserFiles/File/WP_Why_WAF. pdf (Accessed 03/05/2013).
Index Terms

Computer Science
Information Sciences

Keywords

Web Application Website Security Structured Query Language Injection (SQLI) Vulnerabilities

Powered by PhDFocusTM