A Review on Different Methodologies to Counter SQL Injection Attack
Keywords:
SQL Injection attack, Pattern matching, Static pattern, Dynamic Pattern, Anomaly Score
Abstract
Many software systems include a web-based component that makes them accessible to the general public over the internet and can expose them to a variety of web-based attacks. One of these attacks is SQL injection, which can give attackers unauthorized access to the databases. This paper presents an approach for protecting web applications against SQL injection. Pattern matching is a technique that can be used to identify or detect any anomaly in a sequence of actions. This paper also presents a detection and prevention technique against SQL Injection Attack (SQLIA) using the Aho-Corasick pattern matching algorithm; in addition, it focuses on various components that can detect a few SQL injection attacks.
License
Copyright (c) IJSRST

This work is licensed under a Creative Commons Attribution 4.0 International License.