SQLIADP: A Novel Framework to Detect and Prevent SQL Injection Attacks

Vemulakonda, Rajesh; Venkatesh, Ketha

doi:10.1007/978-981-32-9690-9_5

Rajesh Vemulakonda⁷ &
Ketha Venkatesh⁷

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 160))

840 Accesses
1 Citations

Abstract

Nowadays, Web-Based systems face a lot of threats. Web-Based systems completely rely on databases. SQL injection attacks are the most common and complex threat to the databases of Web-Based systems. Several approaches that protect web applications from SQL Injection attacks are available. Most of the techniques apply defense mechanics that perform on the SQL Injection attacks; much of them produce huge false positives and maximum response time. In this paper, we are proposing a novel framework, SQL Injection Attack Detection and Prevention (SQLIADP), combination of Java, web technologies, and Special Text Strings to protect the Web-Based systems against the SQL Injection attacks with zero false reduction and minimal response time. The implemented framework is very efficient and works effectively against SQL Injection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures. In: Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1, pp. 13–15. IEEE (2006)
Google Scholar
Buja, G., Jalil, K.B.A., Ali, F.B.H.M., Rahman, T.F.A.: Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack. In: 2014 IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE), pp. 60–64. IEEE (2014)
Google Scholar
Appelt, D., Nguyen, C.D., Briand, L.: Behind an application firewall, are we safe from SQL injection attacks? In: 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST), pp. 1–10. IEEE (2015)
Google Scholar
Alwan, Z.S., Younis, M.F.: Detection and prevention of SQL injection attack: a survey. Int. J. Comput. Sci. Mobile Comput. 6(8), 5–17 (2017)
Google Scholar
Husák, M., Velan, P., Vykopal, J.: Security monitoring of http traffic using extended flows. In: 2015 10th International Conference on, Availability, Reliability and Security (ARES), pp. 258–265. IEEE (2015)
Google Scholar
Nadeem, R.M., Saleem, R.M., Bashir, R., Habib, S.: Detection and prevention of SQL injection attack by dynamic analyzer and testing model. Int. J. Adv. Comput. Sci. Appl. 8(8), 209–214 (2017)
Google Scholar
Ceccato, M., Nguyen, C.D., Appelt, D., Briand, L.C.: SOFIA: an automated security oracle for black-box testing of SQL-injection vulnerabilities. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, pp. 167–177. ACM 2016
Google Scholar
Appelt, D., Panichella, A., Briand, L.: Automatically repairing web application firewalls based on successful SQL injection attacks. In: 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), pp. 339–350. IEEE (2017)
Google Scholar
Upathilake, R., Li, Y., Matrawy, A.: A classification of web browser fingerprinting techniques. In: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2015)
Google Scholar
Nagpal, B., Singh, N., Chauhan, N., Panesar, A.: Tool based implementation of SQL injection for penetration testing. In: 2015 International Conference on Computing, Communication and Automation (ICCCA), pp. 746–749. IEEE (2015)
Google Scholar

Download references

Acknowledgements

This study was supported by the following grant from the Siddhartha Academy of General and Technical Education, Vijayawada, A.P., INDIA under the Minor Research Projects grant with Inward No: 110/18 Dt: 28-02-2018.

Author information

Authors and Affiliations

Department of Computer Science and Engineering, PVP Siddhartha Institute of Technology, Vijayawada, India
Rajesh Vemulakonda & Ketha Venkatesh

Authors

Rajesh Vemulakonda
View author publications
You can also search for this author in PubMed Google Scholar
Ketha Venkatesh
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rajesh Vemulakonda .

Editor information

Editors and Affiliations

School of Computer Engineering, KIIT Deemed to be University, Bhubaneswar, Odisha, India
Suresh Chandra Satapathy
Department of Electronics and Communication Engineering, Shri Ramswaroop Memorial Group of Professional Colleges, Lucknow, Uttar Pradesh, India
Vikrant Bhateja
School of Computer Applications, KIIT Deemed to be University, Bhubaneswar, Odisha, India
J. R. Mohanty
School of Computer and Information Science, University of Hyderabad, Hyderabad, Telangana, India
Siba K. Udgata

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Vemulakonda, R., Venkatesh, K. (2020). SQLIADP: A Novel Framework to Detect and Prevent SQL Injection Attacks. In: Satapathy, S., Bhateja, V., Mohanty, J., Udgata, S. (eds) Smart Intelligent Computing and Applications . Smart Innovation, Systems and Technologies, vol 160. Springer, Singapore. https://doi.org/10.1007/978-981-32-9690-9_5

Download citation

DOI: https://doi.org/10.1007/978-981-32-9690-9_5
Published: 04 October 2019
Publisher Name: Springer, Singapore
Print ISBN: 978-981-32-9689-3
Online ISBN: 978-981-32-9690-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics