IJIEE 2011 Vol.1(1): 38-46 ISSN: 2010-3719
DOI: 10.7763/IJIEE.2011.V1.6

Detecting and Defeating SQL Injection Attacks

Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam

Abstract—The increasing dependence on web applications has made them a natural target for attackers. Among these attacks, SQL Injection Attacks (SQLIA) are the most prevalent. In this paper we propose a SQL injection vulnerability scanner that is lightweight and fast and has a low false positive rate. Such scanners serve as a practical tool to discover the vulnerabilities in a web application as well as to test the efficiency of counter-attack mechanisms. In the latter part of our work we propose a security mechanism to counter SQL Injection Attacks. Our security methodology is based on a filter that inspects the HTTP requests sent by clients or users and looks for attack signatures. The proposed filter is generic in the sense that it can be used with any web application. Finally, we test our proposed security mechanism using the vulnerability scanner developed by us as well as other well-known scanners. The proposed security mechanism is able to counter all the vulnerabilities that were reported before the deployment of our security framework.

Index Terms—SQL Injection Attacks, URL filter, Web Application Vulnerability Scanner.
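
An added illustration of the kind of signature-matching HTTP request filter the abstract describes; it is not the authors' filter. The signature set, the function names `normalize` and `inspect_request`, and the sample URLs are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed signature set (assumption): the paper's own signatures are not on this page.
SIGNATURES = {
    # or 1=1, or 'a'='a': both sides of the comparison are the same token
    "tautology": re.compile(r"""\bor\b\s+(['"]?)(\w+)\1\s*=\s*\1\2\b"""),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    # a quote immediately followed by a comment marker that cuts off the rest of the query
    "comment_truncation": re.compile(r"""['"]\s*(--|#)"""),
}

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding, then canonicalize the value for matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Inline comments can stand in for whitespace, so treat them as a space.
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).lower()

def inspect_request(url):
    """Return sorted (parameter, signature) pairs for every match in the query string."""
    findings = set()
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        text = normalize(raw)
        for sig_name, pattern in SIGNATURES.items():
            if pattern.search(text):
                findings.add((name, sig_name))
    return sorted(findings)

# Constructed sample requests (not from the paper).
SAMPLES = [
    "http://shop.example/item?id=42&name=O%27Brien",
    "http://shop.example/item?id=1%27%20OR%20%271%27%3D%271",
    "http://shop.example/item?id=1%2527%2520UNION%2F**%2FSELECT%2520pw%2520FROM%2520users--",
    "http://shop.example/login?user=admin%27--&id=1+or+1%3D1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = inspect_request(url)
        print("BLOCK" if hits else "ALLOW", hits, url)
```

The first sample passes even though it contains a quote, because each signature requires SQL structure after the quote rather than the quote alone; this is the kind of choice that keeps the false positive rate down.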

Sangita Roy is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: r_sangita@iitp.ac.in).
Avinash Kumar Singh is with the Gwalior Engineering College, Gwalior, MP, India (e-mail: avinashkumarsingh1986@gmail.com).
Ashok Singh Sairam is with the Indian Institute of Technology, Patna, Bihar, India (e-mail: ashok@iitp.ac.in).


Cite: Sangita Roy, Avinash Kumar Singh and Ashok Singh Sairam, "Detecting and Defeating SQL Injection Attacks," International Journal of Information and Electronics Engineering vol. 1, no. 1, pp. 38-46, 2011.
