Research Article

Advanced Query-based Multi-tier Approach towards Detection and Prevention of Web Attacks

Published on April 2012 by Gaurav Kumar Tak, Gaurav Ojha
International Conference on Recent Advances and Future Trends in Information Technology (iRAFIT 2012)
Foundation of Computer Science USA
IRAFIT - Number 8

Gaurav Kumar Tak, Gaurav Ojha. Advanced Query-based Multi-tier Approach towards Detection and Prevention of Web Attacks. International Conference on Recent Advances and Future Trends in Information Technology (iRAFIT 2012). IRAFIT, 8 (April 2012), 21-25.

@article{
author = { Gaurav Kumar Tak, Gaurav Ojha },
title = { Advanced Query-based Multi-tier Approach towards Detection and Prevention of Web Attacks },
journal = { International Conference on Recent Advances and Future Trends in Information Technology (iRAFIT 2012) },
issue_date = { April 2012 },
volume = { IRAFIT },
number = { 8 },
month = { April },
year = { 2012 },
issn = { 0975-8887 },
pages = { 21-25 },
numpages = 5,
url = { /proceedings/irafit/number8/5905-1061/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference on Recent Advances and Future Trends in Information Technology (iRAFIT 2012)
%A Gaurav Kumar Tak
%A Gaurav Ojha
%T Advanced Query-based Multi-tier Approach towards Detection and Prevention of Web Attacks
%J International Conference on Recent Advances and Future Trends in Information Technology (iRAFIT 2012)
%@ 0975-8887
%V IRAFIT
%N 8
%P 21-25
%D 2012
%I International Journal of Computer Applications
Abstract

The Internet, which can be defined as a huge network of networks, both wired and wireless, uses the Internet Protocol Suite (TCP/IP) to make information available beyond geographical boundaries. Computing devices throughout the world connect to the World Wide Web via the client-server architecture. In this architecture, the client requests information from a web server through a web browser, and the web server in turn connects to a database server to fetch data. The connection between the web server and the database is the one that needs to be well secured. This is where secure authentication techniques come into the picture. Nowadays, cyber-crimes are becoming rampant. These include illegal access to data, illegal interception of data, eavesdropping on unauthorized data over an information technology infrastructure, etc. Popular web attacks include spam, phishing attacks, information warfare, Nigerian scams, and denial-of-service attacks. At one stage or another, most of these are ramifications of web attacks and SQL attacks; this paper explains a practical implementation of an advanced analysis and prevention technique for them. It uses a multi-tier approach that lets web applications remain simple for the user and complex for the attacker.

Index Terms

Computer Science
Information Sciences

Keywords

Denial-of-service Attacks, XSS, Brute Force, Dormant Phase, Alert Phase and Inquisitive Phase