Abstract
SQL injections pose a lot of risk to e-commerce sites as well as Web pages that are database-driven. There are various kinds of SQL injections. For each type, there are different ways of interpreting the errors and cracking the query for exploiting the Web site. This paper discusses how to understand the errors for each type of injection. This will help us find exhaustive solutions to every kind of injection strategy. This paper also suggests a few remedies to defend against and prevent such attacks.
Copyright information
© 2014 Springer India
About this paper
Cite this paper
Chandrasekhar, U., Singh, D. (2014). Understanding Query Vulnerabilities for Various SQL Injection Techniques. In: Mohapatra, D.P., Patnaik, S. (eds) Intelligent Computing, Networking, and Informatics. Advances in Intelligent Systems and Computing, vol 243. Springer, New Delhi. https://doi.org/10.1007/978-81-322-1665-0_109
DOI: https://doi.org/10.1007/978-81-322-1665-0_109
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-1664-3
Online ISBN: 978-81-322-1665-0
eBook Packages: Engineering, Engineering (R0)