Analysis of the defending possibilities against SQL Injection attacks
Chrystian Byzdra
cbyzdra@gmail.com
Lublin University of Technology (Poland)
Grzegorz Kozieł
Lublin University of Technology (Poland)
Abstract
The article describes the types of SQL Injection attacks and the methods available for protecting databases against them. These attacks are extremely dangerous because they threaten the confidentiality of sensitive data. In order to analyse both the attack techniques and the protection methods in detail, simulations of attacks and defences were performed in three languages: C#, PHP and Java. Based on the simulation results for each language, the effectiveness and efficiency of the database protection methods were compared.
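The two defences named in the paper's keywords, prevention through parameterised queries and input validation, can be shown side by side with the attack they stop. The following block is an added illustration, not the C#, PHP or Java simulation code from the paper; it uses Python's standard sqlite3 module with an in-memory database and a constructed two-row user table, and the login function names, the tautology payload and the username pattern are assumptions made for the example.

```python
"""Added illustration (not the paper's C#/PHP/Java simulations): a tautology
injection against string-concatenated SQL, then the two defences the paper's
keywords name, parameterised queries and input validation, run against an
in-memory SQLite database holding constructed sample rows."""
import re
import sqlite3

# Constructed sample data: two users; a real login must match exactly one row.
USERS = [
    (1, "alice", "s3cret-alice", "admin"),
    (2, "bob", "s3cret-bob", "user"),
]


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: attacker-controlled text becomes SQL syntax."""
    sql = (
        "SELECT id, username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn, username, password):
    """Bound parameters: the driver passes the values separately from the
    statement text, so a quote inside the input can never close the literal."""
    sql = "SELECT id, username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Assumed username shape for the allow-list check (hypothetical policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(username):
    """Allow-list validation for a field with a known shape. This is a
    defence-in-depth layer, not a substitute for parameterisation: a password
    may legitimately contain quotes, so it cannot be filtered this way."""
    return bool(USERNAME_RE.match(username))


def login_validated(conn, username, password):
    """Both layers together: reject malformed usernames, then bind parameters."""
    if not validate_username(username):
        raise ValueError("username rejected by input validation")
    return login_parameterised(conn, username, password)


# Classic tautology payload: closes the string literal, makes the predicate
# always true, and comments out the password comparison.
TAUTOLOGY = "' OR '1'='1' -- "


def demo():
    """Returns (legitimate login, bypass via concatenation, same payload bound)."""
    conn = new_db()
    legit = login_vulnerable(conn, "alice", "s3cret-alice")
    bypass = login_vulnerable(conn, TAUTOLOGY, "wrong-password")
    safe = login_parameterised(conn, TAUTOLOGY, "wrong-password")
    return legit, bypass, safe


if __name__ == "__main__":
    legit, bypass, safe = demo()
    print("legitimate login:", legit)
    print("payload against concatenation returns", len(bypass), "rows")
    print("payload against bound parameters returns", len(safe), "rows")
```

The vulnerable function returns every row for the tautology payload because the generated statement reads `WHERE username = '' OR '1'='1' -- ' AND password = '...'`; the parameterised version sends the payload as data and matches nothing. The validation layer rejects the payload before any query is built, but note that it only works for fields whose legitimate values have a known shape.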
Keywords:
SQL injection; prevention; input validation
References
[1] Clarke J.: SQL Injection Attacks and Defense, Syngress Publishing, 2009
[2] Somesh J., Christodorescu M., Wang C., Maughan D., Song D.: Malware Detection, Springer, 2006
[3] Snyder C., Southwell M.: Pro PHP Security, Apress, 2005
[4] Sadeghian A., Zamani M., Ibrahim S.: SQL Injection is Still Alive: A Study on SQL Injection Signature Evasion Techniques, IEEE, 2013
[5] Heydari M.Z.: Comparison of SQL Injection Detection and Prevention Techniques, ICETC, 2010
[6] Halfond W.G.J., Viegas J., Orso A.: A Classification of SQL Injection Attacks and Countermeasures, IEEE, 2006
[7] Lambert N., Song Lin K.: Use of Query Tokenization to detect and prevent SQL Injection Attacks, IEEE, 2010
[8] Kar D., Panigrahi S.: Prevention of SQL Injection Attack Using Query Transformation and Hashing, IEEE, 2012
[9] Amutha Prabakar M., KarthiKeyan M., Marimuthu K.: An efficient technique for preventing SQL Injection attack using pattern matching algorithm, IEEE, 2013
[10] Wei K., Muthuprasanna M., Kothari S.: Preventing SQL Injection Attacks in Stored Procedures, IEEE, 2006
[11] C# language specification, http://docs.microsoft.com/pl-pl/dotnet/csharp/language-reference/language-specification/introduction [accessed 20.05.2019]
[12] Basics of programming in Java (Oracle Java Tutorials), https://docs.oracle.com/javase/tutorial/java/index.html [accessed 13.05.2019]
[13] PHP technical documentation, https://www.php.net/manual/en/ [accessed 11.04.2019]
[14] Description of SQL standards and syntax, http://bazy.rzeszow.pl/klasy/klasa3bazy/sql.pdf [accessed 15.05.2019]
[15] SQL lecture presenting the basic functions of the language, https://www.mechanikryki.pl/renata/pliki_pdf/SQL.pdf [accessed 15.05.2019]
Byzdra, C., & Kozieł, G. (2019). Analysis of the defending possibilities against SQL Injection attacks. Journal of Computer Sciences Institute, 13, 339–344. https://doi.org/10.35784/jcsi.1329
Authors
Grzegorz Kozieł, Lublin University of Technology, Poland
Statistics
Abstract views: 475
PDF downloads: 395
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.