An analysis and Detection of SQL Injection Queries Using Feature Based Approach
Author(s):
Shivraj Sharma
Keywords:
Attack, Injection, SQL, Query, Vulnerability, Tautology, Hacker, Database, Web, Application, Threat, OWASP, Feature Based Approach
Abstract
SQL injection has been one of the most critical security threats for web-based applications. According to the Open Web Application Security Project (OWASP) top ten list of the most critical threats for web applications, SQL injection stands first in the lists published in 2013 and 2017. Researchers and practitioners have proposed various schemes to tackle the SQL injection problem. However, prevailing approaches either fail to cope with the full scope of the problem or have bottlenecks that prevent their use and adoption. The basis of a SQL injection attack is fairly straightforward. When a web application receives user data as input, there is a chance for a malicious user to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of as data. A successful SQL injection attack divulges critical confidential information to the hacker. In this paper, a comprehensive review of the various types of SQL injection attacks has been carried out. To help readers understand better, a real-time scenario of a vulnerable application has been designed that does not detect a SQL injection attack query, and this application lets that attack reveal the information stored in the underlying database to the malicious user. This paper proposes an enhanced approach of defensive coding to mitigate SQL injection attacks. In the proposed work, the features of various SQL injection queries have been closely examined in order to identify them. This technique has been named the feature based methodology for identifying SQL injection queries. In this paper, the analysis of the feature based SQL injection identification methodology is presented.
Article Details
Unique Paper ID: 147096

Publication Volume & Issue: Volume 5, Issue 4

Page(s): 75 - 83