Detection and Prevention of SQL Injection Attacks
Pratik H Sailor, Prof. Jaydeep Gheewala
The Internet and web applications play a very important role in modern daily life. Everyday activities such as browsing, online shopping, and booking travel tickets have become easier through the use of web applications. Most web applications use a database as a back end to store critical information such as user credentials, financial and payment information, and company statistics. An SQL injection attack targets database-driven web applications: portions of SQL statements are included in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. Multiple client-side and server-side vulnerabilities, such as SQL injection and cross-site scripting, are discovered and exploited by malicious users. The principle of basic SQL injection is to take advantage of insecure code on a system connected to the Internet in order to pass commands directly to a database, and then to take advantage of a poorly secured system to leverage an attacker's access. Even if some security mechanisms can protect the database successfully, we still need to know what kinds of attacks are happening. However, many SQL injection attacks can bypass data filters, which makes it difficult for the application to defend the database effectively.
Keywords: SQL Injection, Vulnerabilities, Web Security, Threat, Risks, Cross Site Scripting attack
Cite this Article
Pratik H Sailor, Prof. Jaydeep Gheewala, "Detection and Prevention of SQL Injection Attacks", International Journal of Engineering Development and Research (IJEDR), ISSN:2321-9939, Volume.2, Issue 2, pp.2660-2666, June 2014, Available at: http://www.ijedr.org/papers/IJEDR1402215.pdf