An SQL Injection Defensive Mechanism Using Reverse Insertion Technique

SQL injection is one of the top 10 attacks in the world for 2017. Although a number of different approaches are available to prevent SQL injection attacks, it is still considered a serious security threat to Web applications today. SQL injection is a code injection technique for hacking login credentials or other information, and it can destroy your database. In this paper, we present a new reversed insertion algorithm that uses a simple technique to prevent almost all types of SQL injection. The proposed model is implemented and tested by developing a prototype using SQL map. The proposed model shows a high level of security, with an accuracy of 92%.
