Understanding Query Vulnerabilities for Various SQL Injection Techniques

Chandrasekhar, U.; Singh, Digvijay

doi:10.1007/978-81-322-1665-0_109

U. Chandrasekhar⁴ &
Digvijay Singh⁴

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 243))

1247 Accesses

Abstract

SQL injections pose a lot of risk to e-commerce sites as well as Web pages that are database driven. There are various kinds of SQL injections. For each type, there are different ways of interpreting the errors and cracking the query for exploiting the Web site. This paper discusses how to understand the errors for each type of injection. This will help us find exhaustive solutions to every kind of injection strategy. This paper also suggests few remedies to defend and prevent such attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 259.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Baranwal, A.K.: EECE 571B. Term Survey Paper
Google Scholar
Halfond, W.G.J., Viegas, J., Orso, A.: A classification of SQL injection attacks and countermeasures. IEEE (2006)
Google Scholar
Lee, I., Jeong, S.,Yeo, S., Moon, J.: A Novel Method for SQL Injection Attack Detection Based on Removing SQl Query Attribute Values, vol. 55, pp. 58–68. Elsevier Ltd (2012) (All right reserved)
Google Scholar
Singh, N., Purwar, R.K.: SQL Injection-A Hazard to Web Application, vol. 2(6) (2012)
Google Scholar
Wu, H., Gao, G., Miao, C.: Test SQL injection vulnerabilities in web applications based on structure matching. IEEE 978-1-4577-1587-7/11/2011
Google Scholar
Huang, B., Xie, T.,Ma, Y.: Anti SQL injection With statements sequence digest. IEEE 978-1-4577-1964-6/12 2012
Google Scholar
Johari, R., Sharma, P.: A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL injection. IEEE 978-0-7695-4692-6/12 2012
Google Scholar
Jiao, G., Xu, C.-M., Maohua, J.: SQLIMW: a new mechanism against SQL-injection. IEEE 978-0-7695-4719-0/12 2012
Google Scholar
Patel, N., Mohammed, F., Soni, S.: SQL injection attacks: techniques and protection mechanisms. IJCSE. 3(1) (2011)
Google Scholar
Giri, D.R., Kumar, S.P., Prasanna Kumar,L., Vishnu Murthy, R.N.V.: Object oriented approach to SQL injection preventer. ICCCNT (2012)
Google Scholar
AL-Khashab, E., Al-anzi, F.S., Salman, A.A.: PSIAQOP: Preventing SQL Injection Attacks Based on Query Optimization Process. ACM 978-1-4503-0793-2 (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Information Technology and Engineering—SITE, VIT Universtiy, Vellore, India
U. Chandrasekhar & Digvijay Singh

Authors

U. Chandrasekhar
View author publications
You can also search for this author in PubMed Google Scholar
Digvijay Singh
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to U. Chandrasekhar .

Editor information

Editors and Affiliations

Computer Science and Engineering, National Institute of Technology Rourkela, Rourkela, Orissa, India
Durga Prasad Mohapatra
Computer Science and Engineering, SOA University, Bhubaneswar, India
Srikanta Patnaik

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Chandrasekhar, U., Singh, D. (2014). Understanding Query Vulnerabilities for Various SQL Injection Techniques. In: Mohapatra, D.P., Patnaik, S. (eds) Intelligent Computing, Networking, and Informatics. Advances in Intelligent Systems and Computing, vol 243. Springer, New Delhi. https://doi.org/10.1007/978-81-322-1665-0_109

Download citation

DOI: https://doi.org/10.1007/978-81-322-1665-0_109
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-1664-3
Online ISBN: 978-81-322-1665-0
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics