论文信息 - An effective method for preventing SQL injection attack and session hijacking

An effective method for preventing SQL injection attack and session hijacking

Today's world is very much dependent on the web applications, may it be shopping or financial transactions. Providing security to these web applications isvery important. Most of the transactioninformation or the customer information is stored in the backend databases for these web applications. One of the vulnerabilities of these web applications is SQL (Structured Query Language) injection attack. Also, the web application sessions are prone to session hijacking attack, if the adversary can get hold of the session id. Considering that there are various tools available to retrieve session/HTTP cookies, this makes web applications very vulnerable session hijacking attacks. Though there are many ways proposed to defend the databases against SQL injection attacks, there is no sure shot way to prevent these SQL injection attacks. This project proposes an efficient technique for the prevention of SQL injection attack and session hijacking. The hashing technique is used for implementing the preventionthese attacks.

[1] Himanshu Gupta,et al. SQL filtering: An effective technique to prevent SQL injection attack , 2016, INFOCOM 2016.

[2] Drashti Panchal,et al. SECURED HASH ALGORITHM-1: Review Paper , 2014 .

[3] Alessandro Orso,et al. A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[4] Stuart McDonald. SQL Injection: Modes of attack, defence, and why it matters , 2002 .

[6] Mostafa A. Bassiouni,et al. Preventing session hijacking in collaborative applications with hybrid cache-supported one-way hash chains , 2014, 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[7] Alessandro Orso,et al. Detection and Prevention of SQL Injection Attacks , 2007, Malware Detection.

[8] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .