Abstract
Nowadays, web-based systems face many threats. Web-based systems rely completely on databases. SQL injection attacks are the most common and complex threat to the databases of web-based systems. Several approaches that protect web applications from SQL injection attacks are available. Most of these techniques apply defense mechanisms against SQL injection attacks; many of them produce a huge number of false positives and maximum response time. In this paper, we propose a novel framework, SQL Injection Attack Detection and Prevention (SQLIADP), a combination of Java, web technologies, and Special Text Strings, to protect web-based systems against SQL injection attacks with zero false reduction and minimal response time. The implemented framework is very efficient and works effectively against SQL injection.
Acknowledgements
This study was supported by the following grant from the Siddhartha Academy of General and Technical Education, Vijayawada, A.P., INDIA under the Minor Research Projects grant with Inward No: 110/18 Dt: 28-02-2018.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Vemulakonda, R., Venkatesh, K. (2020). SQLIADP: A Novel Framework to Detect and Prevent SQL Injection Attacks. In: Satapathy, S., Bhateja, V., Mohanty, J., Udgata, S. (eds) Smart Intelligent Computing and Applications. Smart Innovation, Systems and Technologies, vol 160. Springer, Singapore. https://doi.org/10.1007/978-981-32-9690-9_5
DOI: https://doi.org/10.1007/978-981-32-9690-9_5
Publisher Name: Springer, Singapore
Print ISBN: 978-981-32-9689-3
Online ISBN: 978-981-32-9690-9
eBook Packages: Intelligent Technologies and Robotics (R0)