This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Paper Details
Paper Title
Comparison Between Various Detection and Prevention Techniques for SQL Injection Attacks
Authors
  Anurekh kumar,  Shobha bhatt
Abstract
In this paper, we present a detailed review. When using dynamic queries, there is a high chance that a user may inject extra statements into the query, resulting in a different database request. Thus, through SQL injection, information can be stolen from the database. Most applications are designed so that data is requested from the database through user inputs. An attacker can inject into the original SQL query and obtain, change, or view data for which he does not have permission. The aim of our research is to develop a method that detects and prevents SQL injection attacks by checking whether user inputs cause changes in the query's intended result. We propose a method to detect SQL injection attacks using query tokenization, implemented by the QueryParser method. An attacker performing SQL injection will most likely use a space, single quotes or double dashes in his input. Our method tokenizes the original query and the query with injection separately; tokenization is performed by detecting a space, single quote or double dashes, and every string before each symbol constitutes a token. The tokens then form an array in which every token is an element. The two arrays resulting from the original query and the query with injection are obtained, and their lengths are compared to detect whether there is an injection. Access to data is then granted if the lengths of the arrays are the same and denied if they differ.
Keywords: Tokenization, SQL Injection Attacks.
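The length comparison described in the abstract, as an added example that is not the authors' QueryParser code: it tokenizes the intended query and the query built from user input, then grants or denies access on the array lengths. It also runs the same inputs through a bound-parameter query to show where the token check denies a legitimate name. The query template, function names and sample inputs are assumptions constructed for illustration.

```python
import re
import sqlite3

# Delimiters named in the abstract: space, single quote, double dash.
DELIMS = re.compile(r"--|'| ")

# Hypothetical dynamic query; {input} marks where user input is concatenated.
TEMPLATE = "SELECT id FROM users WHERE name = '{input}'"

def tokenize(query):
    """Every string before a delimiter is a token (empty strings count)."""
    return DELIMS.split(query)

def is_injection(user_input, benign="x"):
    """Flag input that changes the token-array length of the intended query."""
    intended = tokenize(TEMPLATE.replace("{input}", benign))
    actual = tokenize(TEMPLATE.replace("{input}", user_input))
    return len(intended) != len(actual)

def access(user_input):
    """Grant when the lengths match, deny when they differ."""
    return "denied" if is_injection(user_input) else "granted"

def lookup_parameterized(name):
    """Bound parameter: the input is data and never reaches the SQL parser."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien")])
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    db.close()
    return [r[0] for r in rows]

# Constructed sample inputs: one plain name, two injection strings, and one
# legitimate name containing a delimiter.
SAMPLES = ["alice", "' OR '1'='1", "alice'--", "O'Brien"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:16} token check: {access(s):8} "
              f"parameterized: {lookup_parameterized(s)}")
```

The token check denies `O'Brien` because any input containing one of the three delimiters changes the array length, while the bound-parameter query returns the correct row for it and no rows for the two injection strings.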
Publication Details
Unique Identification Number - IJEDR1503033
Page Number(s) -
Published in - Volume 3 | Issue 3 | July 2015
DOI (Digital Object Identifier) -
Publisher - IJEDR (ISSN - 2321-9939)
Cite this Article
  Anurekh kumar, Shobha bhatt, "Comparison Between Various Detection and Prevention Techniques for SQL Injection Attacks", International Journal of Engineering Development and Research (IJEDR), ISSN:2321-9939, Volume.3, Issue 3, pp., July 2015, Available at: http://www.ijedr.org/papers/IJEDR1503033.pdf