DOI: 10.1145/3377049.3377096
research-article

An approach to secure multi-tier websites through SQL-Injection detection and prevention

Published: 20 March 2020

Abstract

SQL injection vulnerabilities allow attackers to pass commands directly to the database underlying a web application and compromise its functionality or confidentiality. In recent times the threat has moved from the front ends of web applications to exploiting vulnerabilities in the back-end database scheme. In this study, we propose a model to prevent different SQL injections in web-based multi-tier architectures. The model demonstrates its efficiency by tracking different SQL injections, and the performance results illustrate its applicability.



Published In

ICCA 2020: Proceedings of the International Conference on Computing Advancements
January 2020
517 pages
ISBN: 9781450377782
DOI: 10.1145/3377049
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Defense Model
  2. Detection
  3. Input Validation
  4. Multi-Tier Architecture
  5. Prevention
  6. Prevention Technique Evolution
  7. SQL Injection Attacks
  8. SQL-i-Checker

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCA 2020


Article Metrics

  • Total Citations: 0
  • Total Downloads: 246
  • Downloads (Last 12 months): 11
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 11 Dec 2024
