Intrusion Protection against SQL Injection Attacks Using a Reverse Proxy

In this era in which the Internet has captured the world, the level of security the Internet provides has not grown as fast as Internet applications have. The Internet has eased human life in numerous ways, but drawbacks such as the intrusions that come with Internet applications restrain the growth of these applications. One such intrusion is the SQL injection attack (SQLIA). Since SQLIA accounts for 25% of total Internet attacks, much research is being carried out in this area. In this paper we propose a method to detect SQL injection. We use a reverse proxy and the MD5 algorithm to check for SQL injection in user input, and grammar expression rules to check for SQL injection in URLs. The system has been tested on standard test bed applications, and our work has shown significant improvement in detecting and curbing SQLIA.
