Web application database protection from SQLIA using permutation encoding

Web applications are the foundation of online business over the Internet. The emergence of COVID-19 forced almost every job to operate online to bridge the distance between individuals. The rapid growth in demand for web applications increases security threats to information and data. According to the Open Web Application Security Project, Structured Query Language Injection Attack (SQLIA) is a top security threat for web applications. SQLIA inserts malicious code to gain access to or manipulate database information by tricking the server into passing the code through to the database, thereby causing a severe impact on the web application. In this paper, a permutation encoding method is proposed to prevent SQLIA; it is based on encoding all database information using the proposed method. Initially, a special character is inserted to prevent the method from being reversed. Subsequently, the permutation encoding method is applied. Permutation refers to changing bit locations within three characters, after which radix encoding is applied. The permutation is based on the primitive root value. Encoding is used to hide the permutation. The proposed method is implemented and tested using PHP and MySQL databases, and its results are compared with those of other proposed methods. The results, together with the security analysis, prove that the proposed method prevents SQLIA and protects database information.
