IJIEE 2011 Vol.1(1): 38-46 ISSN: 2010-3719
DOI: 10.7763/IJIEE.2011.V1.6

Detecting and Defeating SQL Injection Attacks

Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam

Abstract—The increasing dependence on web applications has made them a natural target for attackers. Among these attacks, SQL Injection Attacks (SQLIA) are the most prevalent. In this paper we propose a SQL injection vulnerability scanner that is lightweight, fast and has a low false positive rate. Such scanners serve as a practical tool to discover the vulnerabilities in a web application as well as to test the efficiency of counter-attack mechanisms. In the latter part of our work we propose a security mechanism to counter SQL Injection Attacks. Our security methodology is based on the design of a filter that inspects the HTTP requests sent by clients or users and looks for attack signatures. The proposed filter is generic in the sense that it can be used with any web application. Finally, we test our proposed security mechanism using the vulnerability scanner developed by us as well as other well-known scanners. The proposed security mechanism is able to counter all the vulnerabilities that were reported before the deployment of our security framework.

Index Terms—SQL Injection Attacks, URL filter, Web Application Vulnerability Scanner.

Sangita Roy is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: r_sangita@iitp.ac.in).
Avinash Kumar Singh is with the Gwalior Engineering College, Gwalior, MP, India (e-mail: avinashkumarsingh1986@gmail.com).
Ashok Singh Sairam is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: ashok@iitp.ac.in).


Cite: Sangita Roy, Avinash Kumar Singh and Ashok Singh Sairam, "Detecting and Defeating SQL Injection Attacks," International Journal of Information and Electronics Engineering vol. 1, no. 1, pp. 38-46, 2011.
