Effectiveness of SQLI Countermeasures
Keywords:
SQL Injection, Attacks, Vulnerability scanners, Threats, Web application, Security
Abstract
In recent times, web applications have become increasingly popular with the growth of the web. At the same time, the number of attacks on web applications has increased. Attacks exploiting injection vulnerabilities, such as SQL Injection, Cross-Site Scripting and Cross-Site Request Forgery (CSRF), are common. This paper focuses specifically on countermeasures against the SQL Injection vulnerability. Here, we have implemented various attacks on a Giftshop web application, classified SQL Injection countermeasures with respect to the Software Development Life Cycle, and tested them for their effectiveness with the help of vulnerability scanners. Finally, the results of the vulnerability scanners are shown and analyzed before and after the implementation of known SQL Injection countermeasures.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.