SQLIAD – A Hazard to Web Applications

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2015 by IJCTT Journal
Volume-29 Number-1
Year of Publication : 2015
Authors : Fyrooz Nidhal, Hiba Naser R N, Nahida Abdul Latheef, Shahsitha Siddique V, Yomna Kalam A V, Neethu Prabhakaran P
DOI : 10.14445/22312803/IJCTT-V29P103

MLA

Fyrooz Nidhal, Hiba Naser R N, Nahida Abdul Latheef, Shahsitha Siddique V, Yomna Kalam A V, Neethu Prabhakaran P. "SQLIAD – A Hazard to Web Applications". International Journal of Computer Trends and Technology (IJCTT) V29(1):15-18, October 2015. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract -
SQLIA has become a major threat to the growing popularity of web applications. The main target of this attack is the database: it allows attackers to obtain unauthorised access to the database. In this paper we survey different types of SQLIAs and prevention methods. To address this problem we propose a mixed approach for the prevention of SQLIA. The approach ensures that untrusted data are validated against a list of allowable values. The least privilege principle is applied to the SQL account used by the web application. We avoid query concatenation at almost all costs and use parameterized queries wherever possible.
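The three controls named in the abstract, combined in one added example (not code from the paper): an allow-list for a value that cannot be bound as a parameter, a parameterized query for the value that can, and a read-only SQLite handle standing in for a least-privileged SQL account. The table, column and function names are assumptions made for illustration.

```python
import os
import sqlite3
import tempfile

# Allow-list for identifiers (assumed column names); identifiers cannot be bound.
ALLOWED_SORT = {"name", "email"}

def make_db():
    """Create a constructed sample database and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE users (name TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    con.commit()
    con.close()
    return path

def open_least_privilege(path):
    """Read-only handle: stands in for a SQL account granted SELECT only."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def find_users(con, name, sort_by="name"):
    # 1. Validate untrusted data against a list of allowable values.
    if sort_by not in ALLOWED_SORT:
        raise ValueError(f"sort column not allowed: {sort_by!r}")
    # 2. Bind the value as a parameter; it is never concatenated into the SQL text.
    sql = f"SELECT name, email FROM users WHERE name = ? ORDER BY {sort_by}"
    return con.execute(sql, (name,)).fetchall()

def demo():
    con = open_least_privilege(make_db())
    results = {
        "normal": find_users(con, "alice"),
        # Constructed hostile value: matched literally as a name, so no rows.
        "quoted": find_users(con, "alice' OR '1'='1"),
    }
    try:
        find_users(con, "alice", sort_by="password")  # not on the allow-list
    except ValueError:
        results["bad_sort"] = "rejected"
    try:
        con.execute("DELETE FROM users")  # 3. write attempt on the read-only handle
    except sqlite3.OperationalError:
        results["write"] = "denied"
    con.close()
    return results

if __name__ == "__main__":
    print(demo())
```

On a server DBMS the equivalent of the read-only handle is a dedicated application account granted only the statements the application needs on the tables it uses.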

Keywords
SQLIA, Database, Vulnerabilities, attacker, web security, detection, prevention, web application.