Defeating SQL Injection

SQL Injection Evasion Detection

Preventing SQL Injection Attacks

With the recent rapid increase in web based applications that employ back-end database services, results show that SQL Injection and Remote File Inclusion are the two frequently used exploits rather than using other complicated techniques. With the rise in use of web applications, SQL injection based attacks are gradually increasing and is now one of the most common attacks in the internet. It ...

Inferential SQL Injection Attacks

This paper describes a class of SQL injection attacks (SQLIA) where attackers can deduce information from the back-end database management system (DBMS) without transferring actual data. Instead, by using predetermined differentiation mechanism, information is being inferred piece by piece. Because of its widespread success, particularly in difficult situations where other SQLIA classes fail, u...

Defeating Cyber Attacks Due to Script Injection

Offensive operations have been promoted by the aggressors using computer as a tool or target, resulting, a cyber attack in web-applications of an organization or the infrastructure of entire nation. Depending upon the attacker’s target, one can classify some of the mostly occurred cyber attacks into five broad categories. It reports some of the common methods adopted in conducting these attacks...

SQLrand: Preventing SQL Injection Attacks

We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web frontend, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries inject...