CFP last date
22 July 2024
Call for Paper
August Edition
IJCA solicits high quality original research papers for the upcoming August edition of the journal. The last date of research paper submission is 22 July 2024

Submit your paper
Know more
Reseach Article

SIDP-SQL Injection Detector and Preventer

Published on April 2012 by Saurabh Doshi, Chaitali Parekh, Ashwini Padale
Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
Foundation of Computer Science USA
ETCSIT - Number 5
April 2012
Authors: Saurabh Doshi, Chaitali Parekh, Ashwini Padale
dd1cf8a7-c098-4d33-8b40-b90e290b31f8

Saurabh Doshi, Chaitali Parekh, Ashwini Padale . SIDP-SQL Injection Detector and Preventer. Emerging Trends in Computer Science and Information Technology (ETCSIT2012). ETCSIT, 5 (April 2012), 15-19.

@article{
author = { Saurabh Doshi, Chaitali Parekh, Ashwini Padale },
title = { SIDP-SQL Injection Detector and Preventer },
journal = { Emerging Trends in Computer Science and Information Technology (ETCSIT2012) },
issue_date = { April 2012 },
volume = { ETCSIT },
number = { 5 },
month = { April },
year = { 2012 },
issn = 0975-8887,
pages = { 15-19 },
numpages = 5,
url = { /proceedings/etcsit/number5/5994-1036/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
%A Saurabh Doshi
%A Chaitali Parekh
%A Ashwini Padale
%T SIDP-SQL Injection Detector and Preventer
%J Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
%@ 0975-8887
%V ETCSIT
%N 5
%P 15-19
%D 2012
%I International Journal of Computer Applications
Abstract

Internet is a very crucial part of today's life. And when we discuss about internet , Web Applications come into focus. Now a days many Web Applications use RDBMS & Web Applications allows its valid users to deal with data stored in RDBMS. Traditionally mostly programmers have been trained in terms of writing code to implement the intended functionality but they are not aware of security aspect in many ways. The Web Applications are vulnerable to different types of attacks. One of the most dangerous attack is SQL Injection attack. SQL injection is an attack method used by hackers to retrieve, manipulate, or delete information in organizations' relational databases through web applications. Our technique is implemented in tool named SQL Injection Detector and Preventer(SIDP) which secures Web Applications from different attacks. A great comparative study is made between SIDP and other similar tools and a conclusion is drawn that SIDP is the most efficient tool of all others.

References
  1. Halfond, W. G. J. and A. Orso (2005). Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks. Workshop on Dynamic Analysis (WODA 2005). St. Louis, MO,USA, ACM: pp. 1 - 7.
  2. Shaukat Ali, Azhar Rauf, Huma Javed:SQLIPA: An Authentication Mechanism Against SQL Injection.
  3. Top ten most critical web application vulnerabilities, 2005. http://www. owasp. org/documentation/topten. html
  4. William G. J. Halfond, Alessandro Orso, and Panagiotis Manolios: Using Positive Tainting and Syntax Aware Evaluation to Counter SQL Injection Attacks.
  5. W. G. Halfond and A. Orso(2005) 'AMNESIA: Analysis and Monitoring for NEutralizing SQLInjection Attacks', In the Proceedings of 20th IEEE and ACM International Conference onAutomated Software Engineering, pp. 174-183.
Index Terms

Computer Science
Information Sciences

Keywords

Sql – Structure Query Language Sqlia –sql Injection Attack Positive Tainting Taint Propagation Syntax Aware Evaluation Hard-coded Strings implicity Created Strings False Positives Negative Tainting