Web Security by Preventing SQL Injection Using Encryption in Stored Procedures
نویسنده
چکیده
SQL Injection attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. SQL Injection attacks can be easily prevented by applying more secure authentication schemes in login phase itself. In this paper we are going to prevent SQLIA (SQL Injection Attacks) by using encryption in Stored Procedures. Advance Encryption Standard (AES) Encrypted user name and password are used to improve the authentication process with minimum overhead. The server has to maintain encrypted parameters of every user’s username and password. Keywordssql injection; encryption; stored procedures; parameterized queries; bind variables; sanitization; authentication
منابع مشابه
Web Application Vulnerabilities Monitoring & Avoiding Techniques
In recent years the great advances have occurred in the field of Information & Technology, there are several services provided by the I.T. to an ordinary user some of them may possibly depend on each other, as we know the critical aspect is Information on which everything depends. As the globalization increases the information regarding every prospective is also get increased ,so it is very nec...
متن کاملTesting for Tautology based SQL Injection Attack using Runtime Monitors
Today, all commercial and business applications (ecommerce, banking, blogs, web mail, etc.,) are built as webbased database applications. Increasing prominence and usage of these applications has made them more susceptible to attacks because they store huge amount of sensitive user information. Traditional security mechanisms like network firewalls, intrusion detection systems, and use of encry...
متن کاملAn Authentication Mechanism to prevent SQL Injection Attacks
SQL Injection attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts.In the last few months application-level vulnerabilities have been exploited with serious consequences by the hackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been ...
متن کاملA Method of Detecting Sql Injection Attack to Secure Web Applications
Web applications are becoming an important part of our daily life. So attacks against them also increases rapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes a new method for preventing SQL injection attacks in JSP web applications. The basic idea is to check before execution, the intended structure of the SQL query. For this we use semantic com...
متن کاملPreventing SQL Injection Attacks
With the recent rapid increase in web based applications that employ back-end database services, results show that SQL Injection and Remote File Inclusion are the two frequently used exploits rather than using other complicated techniques. With the rise in use of web applications, SQL injection based attacks are gradually increasing and is now one of the most common attacks in the internet. It ...
متن کامل