IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.1, January 2011
An Approach to Detect and Prevent SQL Injection Attacks in
Database Using Web Service
IndraniBalasundaram 1 Dr. E. Ramaraj2
Lecturer, Department of Computer Science, Madurai Kamaraj University, Madurai 2
Director of Computer Centre Alagappa University, Karaikudi.
SQL injection is an attack methodology that targets the data residing in a database through the firewall that shields it. The attack takes advantage of poor input validation in code and
website administration. SQL Injection Attacks occur when an
attacker is able to insert a series of SQL statements in to a ‘query’ by manipulating user input data in to a web-based application, attacker can take advantages of web application programming security flaws and pass unexpected malicious SQL statements through a web application for execution by the backend database. This paper proposes a novel specification-based methodology for the prevention of SQL injection Attacks. The two most important advantages of the new approach against
existing analogous mechanisms are that, first, it prevents all forms of SQL injection attacks; second, Current technique does not allow the user to access database directly in database server. The innovative technique “Web Service Oriented XPATH
Authentication Technique” is to detect and prevent SQLInjection Attacks in database the deployment of this technique is by generating functions of two filtration models that are Active Guard and Service Detector of application scripts additionally allowing seamless integration with currently-deployed systems.
Languages, Security, Verification, Experimentation.
Database security, world-wide web, web application security, SQL injection attacks, Runtime Monitoring
changes to data. The fear of SQL injection attacks has
become increasingly frequent and serious. . SQL-Injection
Attacks are a class of attacks that many of these systems
are highly vulnerable to, and there is no known fool-proof
defend against such attacks. Compromise of these web
applications represents a serious threat to organizations
that have deployed them, and also to users who trust these
systems to store confidential data. The Web applications
that are vulnerable to SQL-Injection attacks user inputs the attacker’s embeds commands and gets executed . The
attackers directly access the database underlying an
application and leak or alter confidential information and
execute malicious code . In some cases, attackers
even use an SQL Injection vulnerability to take control
and corrupt the system that hosts the Web application. The
increasing number of web applications falling prey to
these attacks is alarmingly high  Prevention of SQLIA’s is a major challenge. It is difficult to implement and
enforce a rigorous defensive coding discipline. Many
solutions based on defensive coding address only a subset
of the possible attacks. Evaluation of ““Web Service
Oriented XPATH Authentication Technique” has no code
modification as well as automation of detection and
prevention of SQL Injection Attacks. Recent U.S. industry
regulations such as the Sarbanes-Oxley Act  pertaining
to information security, try to enforce strict security
compliance by application vendors.
1.1 SAMPLE - APPLICATION
Information is the most important business asset in today’s environment and achieving an appropriate level of
Information Security. SQL-Injection Attacks (SQLIA’s)
are one of the topmost threats for web application security. For example financial fraud, theft confidential data, deface website, sabotage, espionage and cyber terrorism. The
evaluation process of security tools for detection and
prevention of SQLIA’s. To implement security guidelines
inside or outside the database it is recommended to access
the sensitive databases should be...
References: Attacks”, ASE’05, November 7–11, 2005
 William G.J
Spring 2006, May 17, 2006
 William G.J
Applications,” White paper, Next Generation Security
Software Ltd., 2002.
Attacks,” 3rd International Workshop on Dynamic Analysis,
ACM SIGPLAN-SIGACT Symposium on Principles of
Programming Languages, 2006, pp
Workshop on Specification and Verification of componentBased Systems (SAVCBS 2004), pages 70–78, 2004.
Black Hat Briefings, Black Hat USA, 2005.
 Kals, S., Kirda, E., Kruegel, C., and Jovanovic, N. 2006.
Please join StudyMode to read the full document