Survey and Comparative Analysis of SQL Injection Attacks, Detection and Prevention Techniques for Web Applications Security

Web applications witnessed a rapid growth for online business and transactions are expected to be secure, efficient and reliable to the users against any form of injection attacks. SQL injection is one of the most common application layer attack techniques used today by hackers to steal data from organizations. It is a technique that exploits a security vulnerability occurring in the database layer of a web application. The attack takes advantage of poor input validation in code and website administration. It allows attackers to obtain illegitimate access to the backend database to change the intended application generated SQL queries. . In spite of the development of different approaches to prevent SQL injection, it still remains a frightening risk to web applications. In this paper, we present a detailed review on various types of SQL injection attacks, detection and prevention techniques, and their comparative analysis based on the performance and practicality. DOI: 10.17762/ijritcc2321-8169.150613

A Survey on SQL injection: vulnerabilities, attacks, and prevention techniques

In this paper, we present a detailed review on various types of SQL injection attacks, vulnerabilities, and prevention techniques. Alongside presenting our findings from the survey, we also note down future expectations and possible development of countermeasures against SQL injection attacks

A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques

In this paper, we present a detailed review on various types of SQL injection attacks, vulnerabilities, and prevention techniques. Alongside presenting our findings from the survey, we also note down future expectations and possible development of countermeasures against SQL injection attacks.

A detailed survey on various aspects of SQL injection in web applications: vulnerabilities, innovative attacks and remedies

In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through a very rapid growth in the recent years and their adoption is moving faster than that was expected few years ago. Now-a-days, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to get compromised. In most of the scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks

A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies

In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through a very rapid growth in the recent years and their adoption is moving faster than that was expected few years ago. Now-a-days, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to get compromised. In most of the scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks

Approaches to detect SQL injection and XSS in web applications

ABSTRACT We are increasingly relying on web, and accessing important information as well as transmitting data through it. At the same time, quantity and impact of security vulnerabilities in such applications has grown as well. Billions of transactions are performed online with the help of various kinds of web applications. Almost in all of them user is authenticated before providing access to backend database for storing all the information. In this whole scenario a well-designed injection can provide access to malicious or unauthorized users and mostly achieved through SQL injection and Crosssite scripting (XSS). In this paper we are going to provide a detailed survey of various kinds of SQL injection, XSS attacks and approaches to detect and prevent them. Furthermore we are also going to provide a comparative analysis of different approaches against these attacks. And then we are also going to present our findings and note down future expectations and expected development of counter measures against these attacks

DIWeDa - Detecting Intrusions in Web Databases.

Abstract. There are many Intrusion Detection Systems (IDS) for networks and operating systems and there are few for Databases-despite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web and satisfactory solutions to these kinds of attacks are still lacking. We present DIWeDa -a practical solution for detecting intrusions to web databases. Contrary to any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. We use a novel SQL Session Content Anomaly intrusion classifier and this enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business Logic Violations. Our experiments implemented the proposed intrusion detection system prototype and showed its feasibility and effectiveness