Visible to the public A hybrid method for detection and prevention of SQL injection attacks

TitleA hybrid method for detection and prevention of SQL injection attacks
Publication TypeConference Paper
Year of Publication2017
AuthorsGhafarian, A.
Conference Name2017 Computing Conference
Keywordsaccess content, Collaboration, common gateway interface, Computer hacking, data mining, database design, database driven web applications, database management systems, Databases, detection, dynamic, hacker, Human Behavior, hybrid method, hybrid SQLIA, Internet, policy, policy-based governance, Policy-Governed Secure Collaboration, Prevention, privacy, pubcrawl, Resiliency, Runtime, security of data, sensitive information, serious security threat, Servers, SQL, SQL Injection, SQL injection attack, SQL statements, SQLIA, static, Web applications

SQL injection attack (SQLIA) pose a serious security threat to the database driven web applications. This kind of attack gives attackers easily access to the application's underlying database and to the potentially sensitive information these databases contain. A hacker through specifically designed input, can access content of the database that cannot otherwise be able to do so. This is usually done by altering SQL statements that are used within web applications. Due to importance of security of web applications, researchers have studied SQLIA detection and prevention extensively and have developed various methods. In this research, after reviewing the existing research in this field, we present a new hybrid method to reduce the vulnerability of the web applications. Our method is specifically designed to detect and prevent SQLIA. Our proposed method is consists of three phases namely, the database design, implementation, and at the common gateway interface (CGI). Details of our approach along with its pros and cons are discussed in detail.

Citation Keyghafarian_hybrid_2017