Visible to the public Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks

TitleCode-based Analysis Approach to Detect and Prevent SQL Injection Attacks
Publication TypeConference Paper
Year of Publication2020
AuthorsJana, Angshuman, Maity, Dipendu
Conference Name2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
Date PublishedJuly 2020
ISBN Number978-1-7281-6851-7
KeywordsCollaboration, Complex Number System, Databases, encoding, Human Behavior, human factors, Input clustering, Metrics, policy-based governance, Programming, pubcrawl, resilience, Resiliency, Safe Coding, security, SQL Injection, SQL Injection attacks, Structured Query Language, Tools

Now-a-days web applications are everywhere. Usually these applications are developed by database program which are often written in popular host programming languages such as C, C++, C\#, Java, etc., with embedded Structured Query Language (SQL). These applications are used to access and process crucial data with the help of Database Management System (DBMS). Preserving the sensitive data from any kind of attacks is one of the prime factors that needs to be maintained by the web applications. The SQL injection attacks is one of the important security threat for the web applications. In this paper, we propose a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database. This approach analyses the user input by assigning a complex number to each input element. It has two part (i) input clustering and (ii) safe (non-malicious) input identification. We provide a details discussion of the proposal w.r.t the literature on security and execution overhead point of view.

Citation Keyjana_code-based_2020