An SQL Injection Defensive Mechanism Using Reverse Insertion Technique

Raj, Shaji N.; Sherly, Elizabeth

doi:10.1007/978-981-10-8660-1_25

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 828))

Included in the following conference series:

International Conference on Next Generation Computing Technologies

1539 Accesses
2 Citations

Abstract

One of the top 10, 2017 attacks in the world is SQL injection. Though there are a number of different approaches available to prevent the SQL injection attack, it’s considered as a serious security threat to Web applications, even today. SQL injection employs a code injection technique of hacking login credentials or other information that destroys your database. In this paper, we presented a new reversed insertion algorithm using a simple technique which prevents almost all types of SQL injection. This proposed model is implemented and tested by developing a prototype using SQL map. The proposed model shows a high level of security with an accuracy of 92%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Avresky, D., Arlat, J., Laprie, J.C., Crouzet, Y.: Fault injection for tolerance. IEEE Trans. Reliab. 45(3), 443–455 (1994)
Article Google Scholar
Gudipati, V.K., Venna, T., Subburaj, S., Abuzaghleh, O.: Advanced automated SQL injection attacks and defensive mechanisms. In: IEEE Transactions on Security (2016)
Google Scholar
Halfond, W.G.J., Viegas, J., Orso, A.: A classification of SQL injection attacks and countermeasures. In: Proceedings of the International Symposium on Secure Software Engineering, March 2006
Google Scholar
Chellamal, P., Vilasini, V.: Eliminate SQL injection using LINQ. IJARCST 2(1), 361 (2014)
Google Scholar
Atoum, J.O., Qaralleh, A.J.: A hybrid techniques for SQL injection attacks detection and prevention. IJDMS 6(1), 21 (2014)
Article Google Scholar
Stallings, W.: Network Security Essentials Applications and Standards, 3rd edn. Prentice Hall, Upper Saddle River (2011). ISBN 13: 978-0-13-706792-3
Google Scholar
Anjugam, S., Murugan, A.: Preventing SQL injection attacks. Int. J. Adv. Softw. Eng. 4(4), 174–177 (2014)
Google Scholar
Halfond, W.G.J., Orso, A.: Preventing SQL injection attacks. In: IEEE/ACM International Conference on Automated Software Engineering, pp. 174–183 (2005)
Google Scholar
Powell, D., Stroud, R.: Conceptual Model and Architecture. Deliverable D21 Edition (2003)
Google Scholar
Hanmanthu, B., Raghu Ram, B., Niranjan, P.: SQL injection prevention based on decision tree classification. In: IEEE International Conference on Intelligent System and Control (2015)
Google Scholar
Kaur, H., Dhingra, S.: A Practical approach for SQL injection prevention attacks using IPS. Int. J. Adv. Res. Comput. Commun. Eng. 3(10), 8118–8122 (2014)
Article Google Scholar
Balasundaram, I., Ramraj, E.: An authentication mechanism to prevent SQL injection attacks. Int. J. Comput. Appl. 19(1), 30–33 (2011)
Google Scholar
Lee, I., Jeong, S., Yeo, S., Moon, J.: A novel method for SQL injection attack detection based on removing SQL query attribute value. Math. Comput. Model. 55(1–2), 58–68 (2012)
Article MathSciNet Google Scholar
Avireddy, S., Perumal, V. et al.: Random 4: an application specific randomized encryption algorithm to prevent SQL injection. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1327–1333, June 2012
Google Scholar
Anjugam, S., Murugan, A.: Efficient methods for preventing SQL injection attack on web application using encryption and tokenization. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 4(4), 173–177 (2014)
Google Scholar
Dharam, R., Shiva, S.G.: Runtime monitoring technique to handle tautology based SQL injection attacks. Int. J. Cyber-Secur. Digit. Forensics (IJCSDF) 1, 189–203 (2012). ISSN: 2305-0012
Google Scholar
Fonseca, J., Vieira, M., Madeira, H.: The evaluation of web security mechanisms using vulnerability & attack injection. IEEE Trans. Dependable Secur. Comput. 11(5), 440–453 (2014)
Article Google Scholar
https://www.w3schools.com/sql/sqlinjection.asp
https://www.owasp.org/index.php/Category

Download references

Author information

Authors and Affiliations

Mahathma Gandhi University, Kottayam, Kerala, India
Shaji N. Raj
IIITM-K, Techopark, Kazhakkoottam, Kerala, India
Elizabeth Sherly

Authors

Shaji N. Raj
View author publications
You can also search for this author in PubMed Google Scholar
Elizabeth Sherly
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shaji N. Raj .

Editor information

Editors and Affiliations

Indian Institute of Technology Patna, Patna, Bihar, India
Pushpak Bhattacharyya
University of Petroleum and Energy Studies, Dehradun, India
Hanumat G. Sastry
University of Petroleum and Energy Studies, Dehradun, India
Venkatadri Marriboyina
University of Petroleum and Energy Studies, Dehradun, India
Rashmi Sharma

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Raj, S.N., Sherly, E. (2018). An SQL Injection Defensive Mechanism Using Reverse Insertion Technique. In: Bhattacharyya, P., Sastry, H., Marriboyina, V., Sharma, R. (eds) Smart and Innovative Trends in Next Generation Computing Technologies. NGCT 2017. Communications in Computer and Information Science, vol 828. Springer, Singapore. https://doi.org/10.1007/978-981-10-8660-1_25

Download citation

DOI: https://doi.org/10.1007/978-981-10-8660-1_25
Published: 09 June 2018
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8659-5
Online ISBN: 978-981-10-8660-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics