An Efficient Protective Layer Against SQL Injection Attacks
Abstract
In this paper, we present a detailed discussion of different SQL injection attacks and their prevention techniques. In addition, we propose a new scheme for the prevention of SQL injection attacks, built on three blocks, or a three-tier architecture: the clients, the application server and the database server. Our protective layer works between the clients and the application server. Therefore, before SQL queries are sent to the database, the protective layer analyzes each query to check for vulnerabilities. If any is found, it is reported; otherwise the query is forwarded to the database server. The proposed scheme is efficient and its overhead is negligible.
Similar resources
Survey and Comparative Analysis of SQL Injection Attacks, Detection and Prevention Techniques for Web Applications Security
Web applications witnessed a rapid growth for online business and transactions are expected to be secure, efficient and reliable to the users against any form of injection attacks. SQL injection is one of the most common application layer attack techniques used today by hackers to steal data from organizations. It is a technique that exploits a security vulnerability occurring in the database l...
Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic
We present Spectrogram, a machine learning based statistical anomaly detection (AD) sensor for defense against web-layer code-injection attacks. These attacks include PHP file inclusion, SQL-injection and cross-site scripting; memory-layer exploits such as buffer overflows are addressed as well. Statistical AD sensors offer the advantage of being driven by the data that is being protected and no...
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks
Securing the web against frequent cyber attacks is a big concern, as attackers usually intend to snitch private information and financial information, and to deface and damage websites to prove their hacking capabilities. This type of vandalism may cause many corporations that conduct their business through the web to suffer financial and reputational damage. One of the most dangerous cyber attacks is the...
An Efficient Black-box Technique for Defeating Web Application Attacks
Over the past few years, injection vulnerabilities have become the primary target for remote exploits. SQL injection, command injection, and cross-site scripting are some of the popular attacks that exploit these vulnerabilities. Taint-tracking has emerged as one of the most promising approaches for defending against these exploits, as it supports accurate detection (and prevention) of popular ...
Web Gladiator a Web Application Firewall
Application protection is a valuable security layer to protect against a number of application layer security threats which are usually not covered by a typical network layer intrusion detection system. Hackers attack the Web Application using methods like Structured Query Language (SQL) Injection, Cross Site Scripting (XSS), Command Injection, cookie poisoning, etc. These problem...