An analysis and Detection of SQL Injection Queries Using Feature Based Approach
Author(s):
Shivraj Sharma
Keywords:
Attack, Injection, SQL, Query, Vulnerability, Tautology, Hacker, Database, Web, Application, Threat, OWASP, Feature Based Approach
Abstract
SQL injection has been one of the most critical security threats for web-based applications. In the Open Web Application Security Project (OWASP) top ten list of the most critical threats to web applications, SQL injection stands first in the lists published in 2013 and 2017. Researchers and practitioners have proposed various schemes to address the SQL injection problem. However, prevailing approaches either fall short of coping with the full scope of the problem or have bottlenecks that prevent their use and adoption. The basis of a SQL injection attack is fairly straightforward. When a web application receives user data as input, a malicious user has the chance to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of as data. A successful SQL injection attack divulges critical confidential information to the attacker. In this paper a comprehensive review of the various types of SQL injection attacks has been carried out. To help readers understand better, a real-time scenario of a vulnerable application has been designed that does not detect a SQL injection attack query and lets the attack reveal the information stored in the underlying database to the malicious user. This paper proposes an enhanced approach of defensive coding to mitigate SQL injection attacks. In the proposed work, features of various SQL injection queries have been closely examined in order to identify them. This technique has been named the feature-based methodology for identifying SQL injection queries. This paper presents an analysis of the feature-based SQL injection identification methodology.
Article Details
Unique Paper ID: 147096

Publication Volume & Issue: Volume 5, Issue 4

Page(s): 75 - 83
About Us

IJIRT.org enables door in research by providing high quality research articles in open access market.