Enhanced Approach to Detection of SQL Injection Attack

In recent years, many financial sectors have been evolving with huge numbers of web applications, which play a crucial role in helping organizations make important decisions. Given this, the data has to be secured against attacks that can lead to huge losses. One of the topmost attacks on databases is the SQL injection attack, in which a malicious query is injected into the database, causing serious threats. This paper proposes an enhanced approach to the dynamic query matching technique that imposes a sanitizer for quick and easy detection of the attack.
