Abstracto

Prevention of SQL Injection Attack on Web Applications

Shakti Kumar, Subhendu Dey, R.Karthikeyan, K.G.S. Venkatesan

SQL injection is a technique where the attacker injects an input in the query in order to change the structure of the query intended by the programmer and gaining the access of the database which results modification of the user‘s data. In the SQL injection it exploits a security vulnerability of data occurring in database layer of an application. SQL injection attack is the most common attack in websites in these days. Some malicious codes get injected to the database by unauthorized users and get the access of the database due to lack of input validation. Input validation is the most critical part of software security that is not properly covered in the design phase of software development life-cycle resulting in many security vulnerabilities. This paper presents the techniques for detection and prevention of SQL injection attack. There are no full proof defences available against such type of attacks. In this paper some predefined method of detection and modern techniques are discussed. This paper also describes countermeasures of SQL injection.

Descargo de responsabilidad: este resumen se tradujo utilizando herramientas de inteligencia artificial y aún no ha sido revisado ni verificado.