SQLI detection system for a safer web application

SQL injection (SQLI) is an everyday occurrence in network security. It is a potent and effective way of intruding into secured databases, jeopardizing the confidentiality, integrity and availability of the information in them. SQL injection works by inserting malicious queries into legitimate queries, which makes it difficult for most detection systems to discern its occurrence. Hence there is a need for a coherent and smart SQL injection detection system that makes web applications safer and thus more reliable. Unlike the great majority of current detection tools and systems, which are deployed between the web server and the database server, the proposed system is deployed between the client and the web server, thereby shielding the web server from the harmful impact of the attack. The approach is new and efficient in its detection, ranking and notification of attacks, and is designed around a pattern matching algorithm based on the concept of hashing.
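An added example, not code from the paper: one way a hash-based pattern matcher placed in front of the web server could detect and rank suspicious request parameters. It assumes Rabin-Karp rolling hashes as the matching algorithm; the signature list, severity ranks and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed signature list with assumed severity ranks (3 = highest).
SIGNATURES = {"union select": 3, "or 1=1": 3, "drop table": 3,
              "sleep(": 2, "--": 1, "/*": 1}
BASE, MOD = 257, (1 << 61) - 1

def _hash(s):
    h = 0
    for ch in s:
        h = (h * BASE + ord(ch)) % MOD
    return h

# Group signatures by length so one rolling window serves each length.
_TABLE = {}
for sig in SIGNATURES:
    _TABLE.setdefault(len(sig), {}).setdefault(_hash(sig), []).append(sig)

def normalize(value):
    # Lowercase and collapse whitespace so "UNION   SELECT" matches.
    return re.sub(r"\s+", " ", value.lower())

def scan(text):
    """Return the set of signatures found in text via rolling-hash lookup."""
    found = set()
    for m, bucket in _TABLE.items():
        if len(text) < m:
            continue
        top = pow(BASE, m - 1, MOD)
        h = _hash(text[:m])
        for i in range(len(text) - m + 1):
            # A hash hit is only a candidate; compare strings to rule out collisions.
            for sig in bucket.get(h, ()):
                if text[i:i + m] == sig:
                    found.add(sig)
            if i + m < len(text):
                h = ((h - ord(text[i]) * top) * BASE + ord(text[i + m])) % MOD
    return found

def inspect(query_string):
    """Rank one query string: (max severity, [(param, signature, severity)])."""
    hits = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for sig in scan(normalize(value)):
            hits.append((name, sig, SIGNATURES[sig]))
    hits.sort(key=lambda h: (-h[2], h[0], h[1]))
    return (hits[0][2] if hits else 0), hits
```

Low-ranked signatures such as `--` also occur in benign input, which is why the result carries a rank rather than a yes/no verdict.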
