Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

Security and Communication Networks ◽

10.1155/2017/3825373 ◽

2017 ◽

Vol 2017 ◽

pp. 1-12 ◽

Cited By ~ 4

Author(s):

Asish Kumar Dalai ◽

Sanjay Kumar Jena

Keyword(s):

Web Application ◽

Web Applications ◽

Large Set ◽

Sql Injection ◽

Web Application Security ◽

Application Security ◽

Server Side ◽

Injection Attacks ◽

Sql Injection Attack ◽

Sql Injection Attacks

Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

Download Full-text

Neutralizing SQL Injection Attack on Web Application Using Server Side Code Modification

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit1952339 ◽

2019 ◽

pp. 158-173

Author(s):

Sarjiyus O. ◽

El-Yakub M. B.

Keyword(s):

Web Application ◽

Web Applications ◽

Web Security ◽

Security Threat ◽

Sql Injection ◽

Server Side ◽

Injection Attacks ◽

Sql Injection Attack ◽

Sql Injection Attacks ◽

Code Modification

SQL Injection attacks pose a very serious security threat to Web applications and web servers. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive and important information these databases contain. This research, “Neutralizing SQL Injection attack on web application using server side code modification” proposes a method for boosting web security by detecting SQL Injection attacks on web applications by modification on the server code so as to minimize vulnerability and mitigate fraudulent and malicious activities. This method has been implemented on a simple website with a database to register users with an admin that has control privileges. The server used is a local server and the server code was written with PHP as the back end. The front end was designed using MySQL. PHP server side scripting language was used to modify codes. ‘PDO prepare’ a tool to prepare parameters to be executed. The proposed method proved to be efficient in the context of its ability to prevent all types of SQL injection attacks. Acunetix was used to test the vulnerability of the code, and the code was implemented on a simple website with a simple database. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. Unlike most approaches, the proposed method is quite simple to implement yet highly effective. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

Download Full-text

SQL Injection Attacks Countermeasures

Threats, Countermeasures, and Advances in Applied Information Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-0978-5.ch010 ◽

2012 ◽

pp. 194-213

Author(s):

Kasra Amirtahmasebi ◽

Seyed Reza Jalalinia

Keyword(s):

Web Application ◽

Web Applications ◽

Confidential Information ◽

Sql Injection ◽

Unauthorized Access ◽

Injection Attacks ◽

Prevention Techniques ◽

Sql Injection Attack ◽

Sql Injection Attacks ◽

The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

Download Full-text

Web Application Penetration Testing Using SQL Injection Attack

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.5.3.470 ◽

2021 ◽

Vol 5 (3) ◽

pp. 320

Author(s):

Alde Alanda ◽

Deni Satria ◽

M.Isthofa Ardhana ◽

Andi Ahmad Dahlan ◽

Hanriyawan Adnan Mooduto

Keyword(s):

Web Application ◽

Web Applications ◽

Rapid Development ◽

Security Level ◽

Sensitive Information ◽

Sql Injection ◽

Web Application Security ◽

Penetration Testing ◽

Application Security ◽

Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

Download Full-text

SQL Injection Attack on Web Application

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2018.7.s1.1814 ◽

2018 ◽

Vol 7 (S1) ◽

pp. 11-15

Author(s):

S. Parameswari ◽

K. Kavitha

Keyword(s):

Web Application ◽

Web Applications ◽

Sql Injection ◽

Injection Attacks ◽

Sql Injection Attack ◽

Simplified Algorithm ◽

Basic Features ◽

Sql Injection Attacks ◽

Almost All ◽

The Web

SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilizes low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we proposed a simplified algorithm which works on the basic features of the SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we have also presented the experiment results in order to acknowledge the proficiency of our algorithm.

Download Full-text

MITIGATION HANDLING OF SQL INJECTION ATTACKS ON WEBSITES USING OWASP FRAMEWORK

Kursor ◽

10.28961/kursor.v9i4.182 ◽

2019 ◽

Vol 9 (4) ◽

Author(s):

Wasito Sukarno ◽

Imam Riadi

Keyword(s):

Information System ◽

Web Application ◽

Sql Injection ◽

Web Application Security ◽

Application Security ◽

Security Issues ◽

Injection Attacks ◽

Information Technology Security ◽

Web Attacks ◽

Sql Injection Attacks

The development of the security system on the application of a website is now more advanced. But a software that has vulnerability will threaten all fields such as information system of health, defense, finance, and education. Information technology security issues will become the threat that made managers of the website (webadmin) alerted. This paper is focused on how to handle various application web attacks, especially attacks that uses SQL Injection, using The Open Web Application Security Project (OWASP), the aim is raise awareness about application security web and how to handle an occurred attack.

Download Full-text

Web application security – SQL injection attacks

Network Security ◽

10.1016/s1353-4858(06)70353-1 ◽

2006 ◽

Vol 2006 (4) ◽

pp. 4-5 ◽

Cited By ~ 6

Author(s):

David Morgan

Keyword(s):

Web Application ◽

Sql Injection ◽

Web Application Security ◽

Application Security ◽

Injection Attacks ◽

Sql Injection Attacks

Download Full-text

Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.15.21434 ◽

2018 ◽

Vol 7 (4.15) ◽

pp. 130

Author(s):

Emil Semastin ◽

Sami Azam ◽

Bharanidharan Shanmugam ◽

Krishnan Kannoorpatti ◽

Mirjam Jonokman ◽

...

Keyword(s):

Web Application ◽

Web Applications ◽

Operating Cycle ◽

Web Application Security ◽

Web Based ◽

Business World ◽

Application Security ◽

Server Side ◽

Combined Solution ◽

Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.

Download Full-text

Secure Online Election System

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.k1235.09811s19 ◽

2019 ◽

Vol 8 (11S) ◽

pp. 1166-1171

Keyword(s):

Web Application ◽

Control Unit ◽

Sql Injection ◽

Stored Procedure ◽

Injection Attacks ◽

Election System ◽

Sql Injection Attack ◽

Online Voting ◽

One Way Function ◽

Sql Injection Attacks

India, the biggest democratic ruling system in terms of population utilises the Electronic Voting Machine or EVM for their general elections. Any EVM comprises of two units: The Control unit and the Ballot unit. O n g o i n g re s e a rc h h a s i n d i c a t e d m a n y disadvantages in the system. One of the main disadvantages we encounter is that many researchers have claimed that the EVM can easily be tampered with. EVMs also encounter many physical threats. To prevent these drawbacks, we have proposed an online voting s y s t e m w h i c h c o u n t e r m a n y p h y s i c a l difficulties faced by the EVM. One main difficulty in the online system is the SQL Injection attack. SQL injection is messing with the database and controlling it with the help of SQL Queries. Our project focuses on the Tautology based SQL Injection attack. In this attack, a statement whose value will always be true or 1 is passed instead of username and password by the hacker. This allows access to t h e d a t a b a s e w h i c h a l l o w s h i m / h e r t o manipulate it. Manipulation can be of several kinds. Web based Voting is another innovation that is rising which has the possibility of countering numerous downsides looked by the EVMs. The online voting application works as any other web application. Each voter who wants to vote needs to fill all the required details and create an account on the website first. On the day of voting, when voters cast their vote, they need to sign in with their respective credentials. When the credentials match with the data from database, the voter can get to the voting page and make his choice. An affirmation mail is the sent to the client after effectively making the choice. The votes cast by the voters are sent to a separate database which is viewed in the administration s i d e . We u s e s t o r e d p r o c e d u r e s a n d parameterized queries to prevent the Tautology based SQL attack. If a malicious user enters any query which has a value, it will simply be passed as a parameter to the SQL statement and wont be a component of the SQL statement itself, thus rendering the stored procedure invulnerable to SQL injection attacks. We also use the Secure Hash Algorithm 256 (SHA-256). It is a type of cryptographic hash function which generates a unique 256 bit long hash key for each vote. It is a one way function and so it cannot be decrypted. This ensures that the votes are not manipulated.

Download Full-text

SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.2.4.107 ◽

2018 ◽

Vol 2 (4) ◽

pp. 286 ◽

Cited By ~ 1

Author(s):

Robinson ◽

Memen Akbar ◽

Muhammad Arif Fadhly Ridha

Keyword(s):

Web Application ◽

Web Applications ◽

Monitoring Network ◽

Sql Injection ◽

Web Application Security ◽

Ip Address ◽

Application Security ◽

Rule Set ◽

Security Rule ◽

Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Download Full-text

Bind but Dynamic Technique

Handbook of Research on Innovations in Database Technologies and Applications ◽

10.4018/978-1-60566-242-8.ch093 ◽

2009 ◽

pp. 880-890

Author(s):

Ahmad Hammoud ◽

Ramzi A. Haraty

Keyword(s):

Web Application ◽

Efficient Solution ◽

Web Applications ◽

Query Language ◽

Sql Injection ◽

Injection Attacks ◽

Dynamic Technique ◽

Structured Query Language ◽

Sql Injection Attacks ◽

Web Developers

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.

Download Full-text