The Multi-Tier Architecture for Developing Secure Website with Detection and Prevention of SQL-Injection Attacks
Abstract
SQL injection is an attack methodology that targets the data residing in a database. The attack takes advantage of poor input validation in code and website administration. SQL injection attacks occur when an attacker is able to insert a series of SQL statements into a query by manipulating user input data to a web-based application. An attacker can take advantage of security flaws in web application programming and pass unexpected malicious SQL statements through a web application for execution by the back-end database. This paper proposes a novel specification-based methodology for the prevention of SQL injection attacks. The two most important advantages of the new approach over existing analogous mechanisms are that, first, it prevents all forms of SQL injection attacks and, second, the current technique does not allow the user to access the database directly from the database server. Our proposed framework for building secure and anti-theft web applications consists of four stages. In each stage we analyze the input data taken from the user and decide whether it is suspicious or not.
Similar resources
Survey and Comparative Analysis of SQL Injection Attacks, Detection and Prevention Techniques for Web Applications Security
Web applications witnessed a rapid growth for online business and transactions are expected to be secure, efficient and reliable to the users against any form of injection attacks. SQL injection is one of the most common application layer attack techniques used today by hackers to steal data from organizations. It is a technique that exploits a security vulnerability occurring in the database l...
Detection Block Model for SQL Injection Attacks
With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in...
An Efficient Protective Layer Against SQL Injection Attacks
In this paper, we present a detailed discussion on different SQL injection attacks and their prevention technique. In addition, we proposed a new scheme for prevention of SQL injection attack, which consist of three blocks or three tier architecture: the clients, the application server and the database server. Our protective layer works between the clients and application server. Therefore, bef...
SiC: An Agent Based Architecture for Preventing and Detecting Attacks to Ubiquitous Databases
One of the main attacks to ubiquitous databases is the SQL injection attack, which causes severe damages both in the commercial aspect, as in the user’s confidence. This Chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures...
De-duplication of Data in Cloud
Rendering efficient storage and security for all data is very important for cloud computing. Securing and privacy preserving of data is of high priority when it comes to cloud storage. Therefore to provide efficient storage for cloud data owners and render high security for data this paper proposes Cloud Computing Secure Framework (CCSF). Thus CCSF consists of four segments: 1) Identity Managem...