Abstract
The web has become a buzzword for business in recent times. With the increase in attacks, web database applications have become more vulnerable. Structured Query Language (SQL) is the language most commonly used for database attacks. According to the Open Web Application Security Project (OWASP), the top 5 attacks out of 10 are related to SQL. Solutions to database attacks fall into two categories: defensive coding and filters. Such attacks focus on data manipulation, data theft, and bypassing authorization. In this paper, the authors have prepared a Dynamic Network Filter to detect and prevent database attacks.
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Doshi, J.C., Christian, M., Trivedi, B.H. (2014). SQL FILTER – SQL Injection Prevention and Logging Using Dynamic Network Filter. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_39
DOI: https://doi.org/10.1007/978-3-662-44966-0_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44965-3
Online ISBN: 978-3-662-44966-0
eBook Packages: Computer Science, Computer Science (R0)