Defenses To Protect Against SQL Injection Attacks

Web applications are increasingly integrated into our daily routines. Users of online banking, online reservations, and online shopping expect these web applications to be secure and reliable, yet SQL injection attacks have become increasingly frequent and serious. SQL injection attacks are one of the topmost threats to web application security. Using SQL injection, attackers can leak confidential information such as credit card numbers, ATM PINs, and user credentials from web applications, and can even corrupt the database. This paper presents a new technique to protect web applications against SQL injection attacks. SQL injection attacks are a class of attacks to which many of these systems are highly vulnerable, and there is no known foolproof defense against them. In this paper, some predefined methods are discussed, and an integrated approach combining an encryption method with secure hashing is applied in the database to avoid attacks on the login phase. This combined method is applied to a system in which users' information is kept; the system is designed using PHP and MySQL.

Index Terms: Database security, SQL injection attacks, Hashing, Encryption technique, Preventions.
