DocumentCode :
2162341
Title :
Prevention of SQL Injection attack using query transformation and hashing
Author :
Kar, D. ; Panigrahi, S.
Author_Institution :
Dept. of Comput. Sci. & Eng., Silicon Inst. of Technol., Bhubaneswar, India
fYear :
2013
fDate :
22-23 Feb. 2013
Firstpage :
1317
Lastpage :
1323
Abstract :
In this Internet age, web applications have become an integral part of our lives, but security and privacy of our sensitive data have become a big concern. Over the last several years, SQL Injection has been the most prevalent form of attack on web databases. Much research has been done in this area, but most of the approaches in the literature have high computational overhead or are difficult to deploy in practical scenarios. In this paper we have proposed a lightweight approach to prevent SQL Injection attacks by a novel query transformation scheme and hashing. We implemented it on a prototype e-commerce application and the results of our experiments show that it can successfully and efficiently block a variety of SQL Injection attempts. This approach can also be easily implemented on any language or database platform with little modification.
Keywords :
Internet; SQL; cryptography; data privacy; electronic commerce; query processing; Internet age; SQL injection attack prevention; Web applications; Web database; computational overhead; database platform; e-commerce application; hashing; query transformation scheme; sensitive data privacy; sensitive data security; Databases; Hidden Markov models; Runtime; Security; Servers; Skeleton; Web pages; Hashing; Query Structure; Query Transformation; SQL Injection; SQLIA Prevention;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advance Computing Conference (IACC), 2013 IEEE 3rd International
Conference_Location :
Ghaziabad
Print_ISBN :
978-1-4673-4527-9
Type :
conf
DOI :
10.1109/IAdCC.2013.6514419
Filename :
6514419