DocumentCode :
3012026
Title :
SBSQLID: Securing Web Applications with Service Based SQL Injection Detection
Author :
Shanmughaneethi, V. ; Shyni, C. Emilin ; Swamynathan, S.
Author_Institution :
Dept. of CSE., Anna Univ., Chennai, India
fYear :
2009
fDate :
28-29 Dec. 2009
Firstpage :
702
Lastpage :
704
Abstract :
Vulnerability in web applications allows malicious users to obtain unrestricted access to private and confidential information. SQL injection is ranked at the top among web application attack mechanisms used by hackers to steal data from organizations. Hackers can take advantage of flawed design, improper coding practices, improper validation of user input, configuration errors, or other weaknesses in the infrastructure. This paper proposes a methodology for the detection of exploitations of SQL injection vulnerabilities. In this work, an independent Web Service is intended to generalize the syntactic structure of the SQL query and validate the user inputs. When the user submits the SQL query at runtime, the query has to be parsed by the independent service for the correctness of the syntactic structure and user data. This approach is to prevent all forms of SQL injections, independent of the target system, independent of the platform and backend DB server.
Keywords :
SQL; Web services; computer crime; data privacy; SQL query syntactic structure; backend DB server; confidential information; hackers; improper coding practices; improper user input validations; independent web service; malicious users; service based SQL injection detection; web applications; Cities and towns; Computer hacking; Data security; Databases; Engines; Runtime; Surface-mount technology; Telecommunication computing; Telecommunication control; Web services; Piggy pack; SQL Injection; Tautology; Web application security; Web service;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advances in Computing, Control, & Telecommunication Technologies, 2009. ACT '09. International Conference on
Conference_Location :
Trivandrum, Kerala
Print_ISBN :
978-1-4244-5321-4
Electronic_ISBN :
978-0-7695-3915-7
Type :
conf
DOI :
10.1109/ACT.2009.178
Filename :
5375870