Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy

SQL Injection attacks and Cross-Site Scripting attacks are the two most common attacks on web application. Proposed method is a new policy based Proxy Agent, which classifies the request as a scripted request, or query based request, and then, detects the respective type of attack, if any in the request. This method detects both SQL injection attack as well as the Cross-Site Scripting attacks. SQL injection vulnerabilities have been described as one of the most serious threats to the database driven applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases. A SQL Injection Attack usually starts with identifying weaknesses in the applications where unchecked users’ input is transformed into database queries. Reverse Proxy is a technique which is used to sanitize the user’s inputs that may transform into a database attack. In this technique a filter program redirects the user’s input to the proxy server before it is sent to the application server. At the proxy server, data cleaning algorithm is triggered using a sanitizing application. Keywords— SQL Injection, SQL Attack, Data Sanitization, Database Security, Security Threats, Cross Site Scripting.