SQL injection has been one of the most critical security threats for web-based applications. According to the Open Web Application Security Project (OWASP) top ten list of the most critical threats to web applications, SQL injection stood first in the lists published in 2013 and 2017. Researchers and practitioners have proposed various schemes to address the SQL injection problem. However, prevailing approaches either fall short of covering the full scope of the problem or have bottlenecks that prevent their use and adoption. The basis of a SQL injection attack is fairly straightforward: when a web application receives user data as input, a malicious user has the opportunity to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of as data. A successful SQL injection attack divulges critical confidential information to the attacker. In this paper a comprehensive review of the various types of SQL injection attacks is carried out. To help readers understand, a real-time scenario of a vulnerable application has been designed that does not detect a SQL injection query and therefore lets the attack reveal the information stored in the underlying database to the malicious user. This paper proposes an enhanced defensive-coding approach to mitigate SQL injection attacks. In the proposed work, features of various SQL injection queries have been closely examined in order to identify them; this technique is named the feature-based methodology for identifying SQL injection queries. An analysis of the feature-based SQL injection identification methodology is presented.
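The mechanism the abstract describes (user input parsed as SQL rather than as data) and the two mitigations it names (defensive coding and feature-based identification of injection queries), as an added example that is not part of the paper. The in-memory database, the lookup functions and the feature list are constructed here for illustration; the paper's own feature set is not given in the abstract.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data; not from the paper.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_vulnerable(conn, name):
    # Input is concatenated into the statement, so the database parses it as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # Defensive coding: placeholder binding keeps the input as data,
    # whatever characters it contains.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Illustrative features of injection-shaped input (assumed for this example).
FEATURES = {
    "quote_char": lambda s: "'" in s,
    "tautology": lambda s: re.search(r"\bor\b\s+\S+\s*=\s*\S+", s, re.I) is not None,
    "comment_seq": lambda s: "--" in s or "/*" in s,
    "stacked_stmt": lambda s: ";" in s,
}


def injection_features(user_input):
    # Feature-based identification: return the names of the features present,
    # so a request can be logged or rejected before it reaches the database.
    return sorted(name for name, check in FEATURES.items() if check(user_input))
```

A single-quote feature will also flag legitimate names such as O'Brien, so feature-based screening is a detection aid alongside parameterized queries, not a substitute for them.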
Article Details
Unique Paper ID: 147096
Publication Volume & Issue: Volume 5, Issue 4
Page(s): 75 - 83