All listed articles are free for downloading (OA Articles)
Framework of SQL Injection Attack
Neha Patwari,Parvati Bhurani
Computer Science , 2012,
Abstract: With the changing demographics of globalization, the emergence and prevalence of web application have acquired a central and pivotal role in the domains of technology and advancements. It thus becomes imperative to probe deeply into the architecture, significance and different facets of usages. Web applications enclose the functioning between a user and the services provided by the server, which contains a database as its backend. The user can access the required information through sending a request in the form of text to the web server, which is interpreted by the server side script to construct an SQL. The query is sent to the database which responds in order to generate an HTML page that is sent back to the user. Since the functioning of web application is a dynamic and complicated matter, certain threats to the database security have been registered. One such alarming threat is the prevalence of SQL Injection Attack. Hence a dynamic algorithm is given in this paper for preventing SQL Injection Attacks which is based on context free grammars and compiler parsing techniques. The paper attempts to present the notation of a SQLI Prevent Parser for the prevention of SQL Injection Attacks. This Parser determines the structure of queries and compares whether the queries are functionally equivalent or not. This parser has been used on a sample web application and the results have come out to be positive majors to prevent SQL Injection Attacks.
International Journal of Engineering Science and Technology , 2012,
Abstract: Nowadays SQL injection attacks (SQLIAs) and cross scripting increased in real web applications very much, and the SQL injection attacks damage the databases through web applications. Injection queries are different type of way to attack the databases. This paper addresses the issue of SQLIA’s and script in an efficient way. The proposed approach detects and prevents all the Injection queries as well as the cross scripting through the Framework and Static analysis and Dynamic analysis. The contribution is twofold: 1. SQL Injection Attack Detection and prevention 2. SQL Injection Reports. These techniques have been implemented in ASP.Net and SQL Server and tested by conducting various experiments and prove that the web applications and database is protected from scripting and SQL injection queries.
A Survey of SQL Injection Attack Detection and Prevention
Khaled Elshazly, Yasser Fouad, Mohamed Saleh, Adel Sewisy
Journal of Computer and Communications (JCC) , 2014, DOI: 10.4236/jcc.2014.28001

Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such website against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and researches that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web application.

Efficient Solution for SQL Injection Attack Detection and Prevention
Munqath H. Alattar,Prof.S.P. Medhane
International Journal of Soft Computing & Engineering , 2013,
Abstract: SQL injection is the most common attack for web applications and widely used exploit by hackers all over the world. A malicious hacker can do a lot of harm if he wishes to. SQL injection is a security vulnerability that occurs in the database layers of an application. SQL injection is a technique to pass SQL code into interactive web applications that employ in database services. The employment of SQL Injection Attacks can lead to the leak of confidential information such as credit card numbers, commercial information & table structure. The attackers can get the entire schema of the original database and also corrupt it. In this paper, we have proposed the Detection Model of SQL Injection Vulnerabilities and SQL Injection Mitigation Framework. These approaches are based on SQL Injection grammar to identify the SQL Injection vulnerabilities during software development and SQL Injection Attack on web-based applications.
Preventing SQL Injection attack using pattern matching algorithm
Swapnil Kharche,Jagdish patil,Kanchan Gohad,Bharti Ambetkar
Computer Science , 2015,
Abstract: SQL injection attacks, a class of injection flaw in which specially crafted input strings lead to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the queries structure in web applications have been developed. But these techniques either fail to address the full scope of the problem or have limitations. Based on our observation that the injected string in a SQL injection attack is interpreted differently on different databases. Injection attack is a method that can inject any kind of malicious string or anomaly string on the original string. Pattern matching is a technique that can be used to identify or detect any anomaly packet from a sequential action. Most of the pattern based techniques are used static analysis and patterns are generated from the attacked statements. In this paper, we proposed a detection and prevention technique for preventing SQL Injection Attack using Aho-Corasick pattern matching algorithm. In this paper, we proposed an overview of the architecture. In the initial stage evaluation, we consider some sample of standard attack patterns and it shows that the proposed algorithm works well against the SQL Injection Attack.
SQL Injection - Database Attack Revolution And Prevention
Ramakanth Dorai,Vinod Kannan
Journal of International Commercial Law and Technology , 2011,
Abstract: SQL injection came with a bang and caused revolution in database attacking. In recent years, with the explosion in web-based commerce and information systems, databases have been drawing ever closer to the network and it is critical part of network security. This paper is incorporated with our research and firsthand experience in hacking the database by SQL injection. Database is the Storage Brain of a website. A hacked database is the source for Passwords and juicy information like credit card number, bank account number and every important thing that are forbidden. Importance should be given for preventing database exploitation by SQL injection. The aim of this paper is to create awareness among web developers or database administrators about the urgent need for database security. Our ultimate objective is to totally eradicate the whole concept of SQL injection and to avoid this technique becoming a plaything in hands of exploiters.
Current Injection Attack against the KLJN Secure Key Exchange
Hsien-Pu Chen,Muneer Mohammad,Laszlo B. Kish
Physics , 2015,
Abstract: The Kirchhoff-law-Johnson-noise (KLJN) scheme is a statistical/physical secure key exchange system based on the laws of classical statistical physics to provide unconditional security. We used the LTSPICE industrial cable and circuit simulator to emulate one of the major active (invasive) attacks, the current injection attack, against the ideal and a practical KLJN system, respectively. We show that two security enhancement techniques, namely, the instantaneous voltage/current comparison method, and a simple privacy amplification scheme, independently and effectively eliminate the information leak and successfully preserve the system's unconditional security.
A Survey Of Sql Injection Countermeasures
R.P.Mahapatra,Subi Khan
International Journal of Computer Science and Engineering Survey , 2012,
Abstract: SQL injection has become a predominant type of attacks that target web applications. It allows attackers to obtain unauthorized access to the back-end database to change the intended application-generated SQL queries. Researchers have proposed various solutions to address SQL injection problems. However, many of them have limitations and often cannot address all kinds of injection problems. What’s more, new types of SQL injection attacks have arisen over the years. To better counter these attacks, identifying and understanding existing countermeasures are very important. In this research, I had surveyed existing techniques against SQL injection attacks and analyzed their advantages and disadvantages. In addition, I identified techniques for building secure systems and applied them to my applications and database system, and illustrated how they were performed and the effect of them.
Web Application Security by SQL Injection Detection Tools
Atefeh Tajpour,Suhaimi Ibrahim,Mohammad Sharifi
International Journal of Computer Science Issues , 2012,
Abstract: SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability. In this paper we present all SQL injection attack types and also current tools which can detect or prevent these attacks. Finally we evaluate these tools.
SQL Injection in Oracle An exploration of vulnerabilities
Sid Ansari,Edward R. Sykes
International Journal on Computer Science and Engineering , 2012,
Abstract: Structured Query Language (SQL) injection is one of the most devastating vulnerabilities to impact a business, as it can lead to the exposure of sensitive information stored in an application’s database. SQL Injection can compromise usernames, passwords, addresses, phone numbers, and credit card details. It is the vulnerability that results when an attacker achieves the ability to influence SQL queries that an application passes to a back-end database. The attacker can often leverage the syntax and capabilities of SQL, as well as the power and flexibility of supporting database functionality and operating system functionality available to the database to compromise the web application. In this article we demonstrate two non-web based SQL Injection attacks one of which can be carried out by executing a stored procedure with escalating privileges. We present the unique way in which Oracle handles single and double quotes in strings because, as shown in this paper, this is one of the features of the language that can be exploited in the construction of an injection attack. Recommendations on how to resolve these vulnerabilities are proposed.

Copyright © 2008-2017 Open Access Library. All rights reserved.