A Novel Approach for SQL Injection Avoidance Using Two-Level Restricted Application Prevention (TRAP) Technique

The current IT world is moving forward rapidly in e-commerce, artificial intelligence, machine learning, and many other areas, and the technology stack has changed substantially over the past 2–3 years. One notable advance is the growth of e-commerce sites and other sites that require user input. This has made such sites more vulnerable to a type of attack termed SQL injection, in which executable SQL code is passed through the inputs. SQL injection attacks are among the easiest to carry out and among the highest-impact attacks on an application. They work in several ways, namely appending a true statement, modifying existing data, using a union query to pull the whole data set, and many more. These attacks have the potential to take down an entire application or delete critical information from the database. Infinite loops can also be appended in the form of functions, which severely affects the whole application infrastructure. User input cannot be removed from the Internet ecosystem, as it is a basic need for a website; at the same time, it is the most exploited channel for attacking the website. A review of most of the research done in this area shows that the majority of preventive techniques either work in a single tier or increase the complexity of the system just to implement the technique. In this paper, we propose a two-level restricted application prevention (TRAP) technique for SQL injection prevention, which leads to a robust and time-efficient two-tier defense system against SQL injections with comparatively minimal impact on the application.
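The "appending a true statement" class named above, shown as an added example that is not the paper's TRAP technique or its code: a lookup built by string concatenation beside the same lookup using a bound parameter, run against a constructed in-memory SQLite table so the effect of the same input on each form can be compared.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the paper).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Constructed tautology input: closes the string literal and appends a
# condition that is always true, so the WHERE clause no longer filters.
TAUTOLOGY = "x' OR '1'='1"


def make_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Query text built by concatenation: the input becomes part of the SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the input is bound as data and never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Legitimate input behaves the same in both forms.
    print(lookup_vulnerable(db, "alice"), lookup_safe(db, "alice"))
    # Tautology input: the concatenated form returns every row,
    # the parameterized form returns nothing (no user has that literal name).
    print(len(lookup_vulnerable(db, TAUTOLOGY)), len(lookup_safe(db, TAUTOLOGY)))
```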
