Proposing an innovative TCS Key as a prevention measure from the SQL injection attacks and vulnerabilities

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2016 by IJCTT Journal
Volume-33 Number-2
Year of Publication : 2016
Authors : Dr. Amit Chaturvedi, Shailendra Bagdi
DOI : 10.14445/22312803/IJCTT-V33P114

MLA

Dr. Amit Chaturvedi, Shailendra Bagdi "Proposing an innovative TCS Key as a prevention measure from the SQL injection attacks and vulnerabilities". International Journal of Computer Trends and Technology (IJCTT) V33(2):65-70, March 2016. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract -
Because of various web server vulnerabilities and inflexible procedures, attacks on web server scripts are increasing. These attacks mostly use ASP or PHP script injection, and websites based on ASP and PHP are expanding rapidly and slowly becoming mainstream. SQL injection attacks work by inserting harmful characters into input. Where the legitimacy of input data is checked loosely or not at all, the attacker deliberately submits special code from the client to manipulate data, collecting information about procedures and the server in order to obtain the desired information. In this paper, we propose a new interface for the user login page and a methodology for generating the secret key. This will improve the security of websites that hold important or confidential user information, such as banks and reservation systems.
