SQL is ubiquitous in web application development: almost every application persists data for later use, most do so in an RDBMS, and many pick one of the SQL variants as their backend. Large, high-value applications such as banking and credit-card systems hold highly sensitive data in these databases. Given how capable modern attackers are, no data can be assumed to be out of their reach; what a defender can do is raise the attacker's cost. Conventional fixes prevent attacks to an extent, but there is little rigorous evidence about how effective they actually are. In this paper, we present a study of the popular SQL Injection Attack (SQLIA) techniques and of the effectiveness of conventional fixes in reducing them. To address SQLIAs in depth, we carried out a thorough background study and evaluated the mitigation techniques using both automated and manual testing, using the well-known penetration testing tool SQLMap for the automated part. The results underline the importance of incorporating these mitigation techniques in the code itself, independently of more complex fixes that require both effort and time.
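The following is an added example, written for this page and not taken from the paper, of what "conventional fixes" means in practice. It builds a small in-memory SQLite users table with constructed sample rows and compares a deliberately vulnerable login query (untrusted input spliced into the SQL text) against two conventional mitigations: a parameterized query and an allow-list validation of the username in front of it. The function names, the sample rows and the two payloads (a `--` comment truncation and an `OR '1'='1'` tautology, both of the kind SQLMap probes for) are illustrative assumptions, not material from the paper.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table (not from the paper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: input becomes part of the SQL text.

    A username of  alice' --  turns the rest of the statement into a comment,
    and a password of  ' OR '1'='1  makes the WHERE clause true for every row.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Conventional fix 1: placeholders keep data out of the query's code.

    The driver passes the values to SQLite separately from the statement, so a
    quote or comment marker inside them is matched literally, never parsed.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Allow-list for usernames (an assumed policy for this example): letters,
# digits and underscore only, 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def login_validated(conn, username, password):
    """Conventional fix 2: allow-list validation in front of the parameterized
    query. Defence in depth: even if a later code path concatenates strings,
    quotes and comment markers never reach it."""
    if not USERNAME_RE.fullmatch(username):
        return None
    return login_parameterized(conn, username, password)


def demo():
    """Run each login variant against a legitimate user and both payloads."""
    conn = make_db()
    comment_payload = "alice' --"      # truncates the password check
    tautology_payload = "' OR '1'='1"  # makes the WHERE clause always true
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_comment": login_vulnerable(conn, comment_payload, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, "nobody", tautology_payload),
        "param_legit": login_parameterized(conn, "bob", "hunter2"),
        "param_comment": login_parameterized(conn, comment_payload, "wrong"),
        "param_tautology": login_parameterized(conn, "nobody", tautology_payload),
        "validated_legit": login_validated(conn, "bob", "hunter2"),
        "validated_comment": login_validated(conn, comment_payload, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result!r}")
```

Running the block shows the vulnerable function accepting both payloads (it returns a real username without a valid password), while the parameterized and validated versions return `None` for the same inputs and still authenticate genuine users. This is the kind of behavioural difference the paper's manual and SQLMap-driven tests measure: the parameterized query removes the injection point outright, and the allow-list closes it again if a future code path reintroduces string concatenation.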