A Review on Methods for Prevention of SQL Injection Attack
DOI:
https://doi.org/10.32628/IJSRST196258Keywords:
SQL Injection attack, Pattern matching, Aho-Corasick algorithmAbstract
Web applications generally interact with backend information to retrieve persistent data and then present the information to the user as dynamically generated output, like HTML websites. This communication is commonly done through a low–level API by dynamically constructing query strings within a general-purpose programming language. SQL Injection Attack (SQLIA) is one of the very serious threats to web applications. This paper is a review on preventing technique for a SQL injection attack which can secure web applications against SQLimplantation. This paper also demonstrates a technique for preventing SQL Injection Attack (SQLIA) using Aho–Corasick pattern matching algorithm
References
- M. A. Prabakar, M. KarthiKeyan, K. Marimuthu, "An Efficient Technique for Preventing SQL Injection Attack Using Pattern Matching Algorithm", IEEE Int. Conf. on Emerging Trends in Computing, Communication, and Nanotechnology, 2013.
- E. Bertino, A. Kamra, and J. Early, "Profiling Database Application to Detect SQL Injection Attacks", In the Proceedings of 2007 IEEE International Performance, Computing, and Communications Conference, 2007.
- G. T. Buehrer, B. W. Weide, and P. A. G. Sivilotti, "Using Parse Tree Validation to Prevent SQL Injection Attacks", Computer Science and Engineering, The Ohio State University Columbus, 2005.
- J. H. Saltzer, M. D. Schroeder, "The Protection of Information in Computer Systems", In Proceedings of the IEEE, 2005.
- Kamra, E. Bertino, and G. Lebanon, "Mechanisms for Database Intrusion Detection and Response", in the Proceedings of the 2nd SIGMOD Ph.D. Workshop on Innovative Database Research, 2008.
- S. Axelsson, "Intrusion detection systems: A survey and taxonomy", Technical Report, Chalmers University, 2000.
- S. F. Yusufovna, "Integrating Intrusion Detection System and Data Mining", IEEE Ubiquitous Multimedia Computing, 2008.
- W. G. J. Halfond and A. Orso, "AMNESIA: Analysis and Monitoring for Neutralizing SQL Injection Attacks", College of Computing, Georgia Institute of Technology, 2005.
- W. G. J. Halfond and A. Orso, "Combining Static Analysis and Runtime Monitoring to Counter SQL Injection Attacks", College of Computing, Georgia Institute of Technology, 2005.
- W. G. J. Halfond, A. Orso, and P. Manolios, "Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks", Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, 2006.
- V. Aho and Margaret J. Corasick, "Efficient string matching: An aid to bibliographic search", Communications of the ACM, 1975.
Downloads
Published
Issue
Section
License
Copyright (c) IJSRST
This work is licensed under a Creative Commons Attribution 4.0 International License.