An Approach to Detect and Prevent Sql Injection Attacks in Database Using Web Service

Topics: SQL, World Wide Web, SQL injection Pages: 28 (5638 words) Published: April 16, 2013
IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.1, January 2011


An Approach to Detect and Prevent SQL Injection Attacks in
Database Using Web Service
IndraniBalasundaram 1 Dr. E. Ramaraj2

Lecturer, Department of Computer Science, Madurai Kamaraj University, Madurai 2
Director of Computer Centre Alagappa University, Karaikudi.

SQL injection is an attack methodology that targets the data residing in a database through the firewall that shields it. The attack takes advantage of poor input validation in code and
website administration. SQL Injection Attacks occur when an
attacker is able to insert a series of SQL statements in to a ‘query’ by manipulating user input data in to a web-based application, attacker can take advantages of web application programming security flaws and pass unexpected malicious SQL statements through a web application for execution by the backend database. This paper proposes a novel specification-based methodology for the prevention of SQL injection Attacks. The two most important advantages of the new approach against

existing analogous mechanisms are that, first, it prevents all forms of SQL injection attacks; second, Current technique does not allow the user to access database directly in database server. The innovative technique “Web Service Oriented XPATH

Authentication Technique” is to detect and prevent SQLInjection Attacks in database the deployment of this technique is by generating functions of two filtration models that are Active Guard and Service Detector of application scripts additionally allowing seamless integration with currently-deployed systems.

General Terms
Languages, Security, Verification, Experimentation.

Database security, world-wide web, web application security, SQL injection attacks, Runtime Monitoring

changes to data. The fear of SQL injection attacks has
become increasingly frequent and serious. . SQL-Injection
Attacks are a class of attacks that many of these systems
are highly vulnerable to, and there is no known fool-proof
defend against such attacks. Compromise of these web
applications represents a serious threat to organizations
that have deployed them, and also to users who trust these
systems to store confidential data. The Web applications
that are vulnerable to SQL-Injection attacks user inputs the attacker’s embeds commands and gets executed [4]. The
attackers directly access the database underlying an
application and leak or alter confidential information and
execute malicious code [1][2]. In some cases, attackers
even use an SQL Injection vulnerability to take control
and corrupt the system that hosts the Web application. The
increasing number of web applications falling prey to
these attacks is alarmingly high [3] Prevention of SQLIA’s is a major challenge. It is difficult to implement and
enforce a rigorous defensive coding discipline. Many
solutions based on defensive coding address only a subset
of the possible attacks. Evaluation of ““Web Service
Oriented XPATH Authentication Technique” has no code
modification as well as automation of detection and
prevention of SQL Injection Attacks. Recent U.S. industry
regulations such as the Sarbanes-Oxley Act [5] pertaining
to information security, try to enforce strict security
compliance by application vendors.

1. Introduction


Information is the most important business asset in today’s environment and achieving an appropriate level of
Information Security. SQL-Injection Attacks (SQLIA’s)
are one of the topmost threats for web application security. For example financial fraud, theft confidential data, deface website, sabotage, espionage and cyber terrorism. The
evaluation process of security tools for detection and
prevention of SQLIA’s. To implement security guidelines
inside or outside the database it is recommended to access
the sensitive databases should be...

References: Attacks”, ASE’05, November 7–11, 2005
[2] William G.J
Spring 2006, May 17, 2006
[4] William G.J
Web applications”,, 2003
Applications,” White paper, Next Generation Security
Software Ltd., 2002.
Attacks,” 3rd International Workshop on Dynamic Analysis,
2005, pp
ACM SIGPLAN-SIGACT Symposium on Principles of
Programming Languages, 2006, pp
Workshop on Specification and Verification of componentBased Systems (SAVCBS 2004), pages 70–78, 2004.
Black Hat Briefings, Black Hat USA, 2005.
[18] Kals, S., Kirda, E., Kruegel, C., and Jovanovic, N. 2006.
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Lab10 SQL Injection Attack Lab Essay
  • SQL Injection Attacks Essay
  • Essay about Sql Injection
  • Query Parsing at the Application Layer to Prevent Sql Injection Essay
  • Web Server Application Attacks Essay
  • Essay about SQL Injection
  • Practical Identification of Sql Injection Vulnerabilities Essay
  • Essay on sql injection

Become a StudyMode Member

Sign Up - It's Free