IJIEE 2011 Vol.1(1): 38-46 ISSN: 2010-3719
DOI: 10.7763/IJIEE.2011.V1.6

Detecting and Defeating SQL Injection Attacks

Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam

Abstract—The increasing dependence on web applications has made them a natural target for attackers. Among these attacks, SQL Injection Attacks (SQLIA) are the most prevalent. In this paper we propose a SQL injection vulnerability scanner that is light-weight, fast and has a low false positive rate. Such scanners serve as a practical tool to discover the vulnerabilities in a web application as well as to test the efficiency of counter attack mechanisms. In the latter part of our work we propose a security mechanism to counter SQL Injection Attacks. Our security methodology is based on the design of a filter that inspects the HTTP requests sent by clients or users and looks for attack signatures. The proposed filter is generic in the sense that it can be used with any web application. Finally, we test our proposed security mechanism using the vulnerability scanner developed by us as well as other well-known scanners. The proposed security mechanism is able to counter all the vulnerabilities that were reported before the deployment of our security framework.

Index Terms—SQL Injection Attacks, URL filter, Web Application Vulnerability Scanner.

Sangita Roy is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: r_sangita@iitp.ac.in).
Avinash Kumar Singh is with the Gwalior Engineering College, Gwalior, MP, India (e-mail: avinashkumarsingh1986@gmail.com).
Ashok Singh Sairam is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: ashok@iitp.ac.in).


Cite: Sangita Roy, Avinash Kumar Singh and Ashok Singh Sairam, "Detecting and Defeating SQL Injection Attacks," International Journal of Information and Electronics Engineering vol. 1, no. 1, pp. 38-46, 2011.
