SQL INJECTION ATTACKS IN DATABASE USING WEB SERVICE: DETECTION AND PREVENTION – REVIEW
Abstract
A large number of web applications, especially those deployed by companies for e-business operations, require high reliability, efficiency and confidentiality. Such applications are often written in scripting languages like PHP embedded in HTML, which allow them to establish connections to databases, retrieve data, and publish it on the Web. One of the most common attacks on web applications is SQL injection. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities, because SQL Server will execute all syntactically valid queries that it receives. In this paper, an attempt has been made to classify SQL injection attacks based on the vulnerabilities in web applications. A brief review of the existing approaches for the detection of SQL injection attacks is also presented. This paper proposes a novel specification-based methodology for the prevention of SQL injection attacks. The two most important advantages of the new approach over existing analogous mechanisms are that, first, it prevents all forms of SQL injection attacks and, second, it does not allow the user to access the database directly on the database server. The innovative technique, the “Web Service Oriented XPATH Authentication Technique”, detects and prevents SQL injection attacks in the database. It is deployed by generating functions of two filtration models, Active Guard and Service Detector, of application scripts, additionally allowing seamless integration with currently deployed systems.
License
COPYRIGHT AGREEMENT AND AUTHORSHIP RESPONSIBILITY
All paper submissions must carry the following, duly signed by all the authors:
“I certify that I have participated sufficiently in the conception and design of this work and the analysis of the data (wherever applicable), as well as the writing of the manuscript, to take public responsibility for it. I believe the manuscript represents valid work. I have reviewed the final version of the manuscript and approve it for publication. Neither has the manuscript nor one with substantially similar content under my authorship been published nor is being considered for publication elsewhere, except as described in an attachment. Furthermore I attest that I shall produce the data upon which the manuscript is based for examination by the editors or their assignees, if requested.”