Abstract
SQL injection is one of the world's top 10 attacks of 2017. Although a number of different approaches are available to prevent SQL injection attacks, it is still considered a serious security threat to Web applications today. SQL injection is a code injection technique used to hack login credentials or other information, and it can destroy your database. In this paper, we present a new reversed insertion algorithm that uses a simple technique to prevent almost all types of SQL injection. The proposed model is implemented and tested by developing a prototype using SQL map. The proposed model shows a high level of security, with an accuracy of 92%.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Raj, S.N., Sherly, E. (2018). An SQL Injection Defensive Mechanism Using Reverse Insertion Technique. In: Bhattacharyya, P., Sastry, H., Marriboyina, V., Sharma, R. (eds) Smart and Innovative Trends in Next Generation Computing Technologies. NGCT 2017. Communications in Computer and Information Science, vol 828. Springer, Singapore. https://doi.org/10.1007/978-981-10-8660-1_25
DOI: https://doi.org/10.1007/978-981-10-8660-1_25
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8659-5
Online ISBN: 978-981-10-8660-1
eBook Packages: Computer Science (R0)