A Discriminative Survey on SQL Injection Methods to Detect Vulnerabilities in Web applications

SQL Injection Attacks are extremely sober intrusion assaults on web based application since such types of assaults could reveals the secrets and safety of information. In actuality, illegal personnel intrude to the web based database and then after consequently, access to the information. To avoid such type of assault different methods are recommended by various researchers but they are not adequate since most of implemented methods will not prevent all type of assaults. In this paper we did survey on the various sorts of SQL Injection attacks and on the various present SQL Injection Attacks avoidance methods available. We analyzed that the existing SQL Injection Attacks avoidance methods will require the client side information, one by one and then authenticate which will create typical the developer’s job to write different validation codes for every web page which is receiving in the server side. Keywords: SQL Injection, Attacks, Vulnerability, WWW, XS

Using parse tree validation to prevent SQL injection attacks

An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input in database requests, typically SQL statements. In SQL injection, the attacker provides user input that results in a different database request than was intended by the application programmer. That is, the interpretation of the user input as part of a larger SQL statement, results in an SQL statement of a different form than originally intended. We describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities. The technique is based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input. Our solution is efficient, adding about 3 ms overhead to database query costs. In addition, it is easily adopted by application programmers, having the same syntactic structure as current popular record set retrieval methods. For empirical analysis, we provide a case study of our solution in J2EE. We implement our solution in a simple static Java class, and show its effectiveness and scalability. 1

Prevention of SQL Injection Attacks using AWS WAF

SQL injection is one of several different types of code injection techniques used to attack data driven applications. This is done by the attacker injecting an input in the query not intended by the programmer of the application gaining the access of the database which results in potential reading, modification or deletion of users’ data. The vulnerabilities are due to the lack of input validation which is the most critical part of software security that is often not properly covered in the design phase of the software development lifecycle. This paper presents different techniques and some of the countermeasures for detection and prevention of SQL injection attacks. The proposed procedure in the paper is to use a database firewall between the client (user) side and the database server through AWS to avoid the malicious codes injected by the attackers

A New View on Classification of Software Vulnerability Mitigation Methods

Software vulnerability mitigation is a well-known research area and many methods have been proposed for it Some papers try to classify these methods from different specific points of views In this paper we aggregate all proposed classifications and present a comprehensive classification of vulnerability mitigation methods We define software vulnerability as a kind of software fault and correspond the classes of software vulnerability mitigation methods accordingly In this paper the software vulnerability mitigation methods are classified into vulnerability prevention vulnerability tolerance vulnerability removal and vulnerability forecasting We define each vulnerability mitigation method in our new point of view and indicate some methods for each class Our general point of view helps to consider all of the proposed methods in this review We also identify the fault mitigation methods that might be effective in mitigating the software vulnerabilities but are not yet applied in this area Based on that new directions are suggested for the future researc

A research in SQL injection.

Leung Siu Kuen.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 67-68).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.1.1 --- A Story --- p.1Chapter 1.2 --- Overview --- p.2Chapter 1.2.1 --- Introduction of SQL Injection --- p.4Chapter 1.3 --- The importance of SQL Injection --- p.6Chapter 1.4 --- Thesis organization --- p.8Chapter 2 --- Background --- p.10Chapter 2.1 --- Flow of web applications using DBMS --- p.10Chapter 2.2 --- Structure of DBMS --- p.12Chapter 2.2.1 --- Tables --- p.12Chapter 2.2.2 --- Columns --- p.12Chapter 2.2.3 --- Rows --- p.12Chapter 2.3 --- SQL Syntax --- p.13Chapter 2.3.1 --- SELECT --- p.13Chapter 2.3.2 --- AND/OR --- p.14Chapter 2.3.3 --- INSERT --- p.15Chapter 2.3.4 --- UPDATE --- p.16Chapter 2.3.5 --- DELETE --- p.17Chapter 2.3.6 --- UNION --- p.18Chapter 3 --- Details of SQL Injection --- p.20Chapter 3.1 --- Basic SELECT Injection --- p.20Chapter 3.2 --- Advanced SELECT Injection --- p.23Chapter 3.2.1 --- Single Line Comment (--) --- p.23Chapter 3.2.2 --- Guessing the number of columns in a table --- p.23Chapter 3.2.3 --- Guessing the column name of a table (Easy one) --- p.26Chapter 3.2.4 --- Guessing the column name of a table (Difficult one) . --- p.27Chapter 3.3 --- UPDATE Injection --- p.29Chapter 3.4 --- Other Attacks --- p.30Chapter 4 --- Current Defenses --- p.32Chapter 4.1 --- Causes of SQL Injection attacks --- p.32Chapter 4.2 --- Defense Methods --- p.33Chapter 4.2.1 --- Defensive Programming --- p.34Chapter 4.2.2 --- hiding the error messages --- p.35Chapter 4.2.3 --- Filtering out the dangerous characters --- p.35Chapter 4.2.4 --- Using pre-complied SQL statements --- p.36Chapter 4.2.5 --- Checking for tautologies in SQL statements --- p.37Chapter 4.2.6 --- Instruction set randomization --- p.38Chapter 4.2.7 --- Building the query model --- p.40Chapter 5 --- Proposed Solution --- p.43Chapter 5.1 --- Introduction --- p.43Chapter 5.2 --- Natures of SQL Injection --- p.43Chapter 5.3 --- Our proposed system --- p.44Chapter 5.3.1 --- Features of the system --- p.44Chapter 5.3.2 --- Stage 1 - Checking with current signatures --- p.45Chapter 5.3.3 --- Stage 2 - SQL Server Query --- p.45Chapter 5.3.4 --- Stage 3 - Error Triggering --- p.46Chapter 5.3.5 --- Stage 4 - Alarm --- p.50Chapter 5.3.6 --- Stage 5 - Learning --- p.50Chapter 5.4 --- Examples --- p.51Chapter 5.4.1 --- Defensing BASIC SELECT Injection --- p.52Chapter 5.4.2 --- Defensing Advanced SELECT Injection --- p.52Chapter 5.4.3 --- Defensing UPDATE Injection --- p.57Chapter 5.5 --- Comparison --- p.59Chapter 6 --- Conclusion --- p.62Chapter A --- Commonly used table and column names --- p.64Chapter A.1 --- Commonly used table names for system management --- p.64Chapter A.2 --- Commonly used column names for password storage --- p.65Chapter A.3 --- Commonly used column names for username storage --- p.66Bibliography --- p.6

Modern Approach for WEB Applications Vulnerability Analysis

The numbers of security vulnerabilities that are being found today are much higher in applications than in operating systems. This means that the attacks aimed at web applications are exploiting vulnerabilities at the application level and not at the transport or network level like common attacks from the past. At the same time, quantity and impact of security vulnerabilities in such applications has grown as well. Many transactions are performed online with various kinds of web applications. Almost in all of them user is authenticated before providing access to backend database for storing all the information. A well-designed injection can provide access to malicious or unauthorized users and mostly achieved through SQL injection and Cross-site scripting (XSS). In this thesis we are providing a vulnerability scanning and analyzing tool of various kinds of SQL injection and Cross Site Scripting (XSS) attacks. Our approach can be used with any web application not only the known ones. As well as it supports the most famous Database management servers, namely MS SQL Server, Oracle, and MySQL. We validate the proposed vulnerability scanner by developing experiments to measure its performance. We used some performance metrics to measure the performance of the scanner which include accuracy, false positive rate, and false negative rate. We also compare the performance results of it with performance of similar tools in the literature