

Reports on web application security risks show that SQL injection is the topmost vulnerability. The move from static to dynamic web pages brought databases into web applications, and, due to the lack of secure coding techniques, the SQL injection vulnerability prevails in a large set of them. A successful SQL injection attack poses a serious threat to the database, the web application, and the entire web server. In this article, the authors propose a novel method for the prevention of SQL injection attacks. SQL injection attacks are classified based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising, with a high accuracy rate for the detection of SQL injection attacks.

Today's web applications are built on a three-tier architecture, in which the data management, application processing, and presentation tiers are logically separated. Instead of rewriting the entire application, developers now add or modify a specific tier as needed, which eases design and maintenance. The data management tier consists of a database server, where confidential information relating to the application and its users is stored and retrieved. The data from the database is commonly used for authenticating users, for storing records and their relationships, and for displaying data in dynamically created web pages. The connection from the web application to the database management system is made through Application Programming Interfaces (APIs) such as Open Database Connectivity (ODBC) and Java Database Connectivity (JDBC). Using the built-in objects and methods of these APIs, the application connects to the database server and executes Structured Query Language (SQL) queries. The queries are passed to the SQL query processor and executed, and the results are returned to the application server. The application server checks the returned data, takes a decision, and renders the data in the dynamic web page. Most of the time, the query passed to the database server for execution contains user-supplied parameters, and the input parameters provided by the user may or may not be trustworthy.
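The following is an added example, not code from the article, illustrating the untrusted-parameter problem just described. It uses Python's DB-API (sqlite3) in place of ODBC/JDBC, since the pattern is the same: one login function splices the user-supplied username and password into the SQL text, so a crafted value can change the structure of the query; the other sends the same query with placeholders and passes the values separately, so the driver never interprets them as SQL. The users table, the credentials and the attack inputs are constructed for this illustration and do not come from the paper.

```python
"""Vulnerable (string-concatenated) versus parameterized login queries.

Added example, not part of the original article.  The users table, the
credentials and the attack strings below are constructed for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "wonderland")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """Authenticate by concatenating user input into the SQL text.

    Returns the matched username, or None.  Because the inputs become part of
    the query itself, a value such as  admin'--  closes the string literal and
    comments out the password check, and  ' OR '1'='1  turns the WHERE clause
    into a tautology.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Authenticate with a parameterized query.

    The SQL text is fixed; the values travel to the driver separately and are
    matched as data, so the same attack strings simply fail to match any row.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both functions against normal and malicious input (constructed)."""
    conn = make_db()
    cases = {
        "valid": ("admin", "s3cret"),
        "wrong_password": ("admin", "wrong"),
        "comment_bypass": ("admin'--", "wrong"),
        "tautology": ("' OR '1'='1", "' OR '1'='1"),
    }
    return {
        name: {
            "vulnerable": vulnerable_login(conn, user, pw),
            "safe": safe_login(conn, user, pw),
        }
        for name, (user, pw) in cases.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} vulnerable={result['vulnerable']!r:8} safe={result['safe']!r}")
```

Running the block shows that only the valid credentials succeed through `safe_login`, while `vulnerable_login` also accepts the `admin'--` input (logging in as admin without the password) and the tautology input (matching the first row of the table). The fix is not to sanitize the strings more cleverly but to keep user data out of the query text entirely, which is what ODBC and JDBC prepared statements provide in the architecture described above.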
