C-Queued Technique against SQL injection attack

Sumit Dhariwal, Romil Rawat, Nikhil Patearia

Abstract


Web applications are a central need of modernization, and as their use has grown, so have attacks against them. Among all attacks, SQL injection is a most disastrous threat: it can destroy the backend of an application or even gain complete access to it. Queries that are built dynamically from user-supplied input are highly susceptible to injection. By supplying single quotes, double quotes, double dashes, semicolons, tautologies and other malicious inputs, an attacker can misconfigure or modify the contents of the underlying database of a web application. We propose a concept for detecting SQL injection attacks by parsing the SQL query into tokens (chunks of the SQL query). When an attacker attempts SQL injection, he will use attack tricks in his input. Our method parses the original query and the query with injection separately; the tokens that are formed make up a circular linked list in which every token is an element. The two circular linked lists resulting from the original query and the query with injection are then compared node by node to detect whether there is an injection. By checking the list-node cycle address and comparing node to node, the method decides whether there is an injection or not.

Keywords: Database security, SQL injection, Authentication Introduction.
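
The comparison described in the abstract can be sketched as follows. This is an added example, not code from the paper: the tokenizer rules, the placeholder value `0` used to build the original query, and the names `to_circular_list`, `same_structure`, `is_injection` and `TEMPLATE` are all assumptions. The "cycle address" check is interpreted here as both lists having to return to their head node at the same step.

```python
import re

# Tokenizer pattern: an assumption, the abstract does not define token classes.
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')            # quoted string literal
  | (?P<num>\b\d+(?:\.\d+)?\b)         # numeric literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)    # SQL comments
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)   # keyword or identifier
  | (?P<op>[<>!]=|<>|\S)               # operators, punctuation, stray quotes
""", re.VERBOSE | re.DOTALL)

class Node:
    __slots__ = ("kind", "text", "next")
    def __init__(self, kind, text):
        self.kind, self.text, self.next = kind, text, None

def to_circular_list(sql):
    """Tokenize sql into a circular singly linked list and return its head."""
    head = tail = None
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        node = Node(kind, text.upper() if kind == "word" else text)
        if head is None:
            head = tail = node
        else:
            tail.next = node
            tail = node
    if tail is not None:
        tail.next = head            # close the cycle
    return head

def same_structure(a, b):
    """Walk both cycles in lockstep; literal values may differ, all else must match."""
    if a is None or b is None:
        return a is b
    x, y = a, b
    while True:
        if x.kind != y.kind:
            return False
        if x.kind not in ("str", "num") and x.text != y.text:
            return False
        x, y = x.next, y.next
        if x is a or y is b:        # one list is back at its head node
            return x is a and y is b

def is_injection(template, *user_inputs):
    """Compare the query built from benign placeholders with the real one."""
    original = template.format(*("0" for _ in user_inputs))
    actual = template.format(*user_inputs)
    return not same_structure(to_circular_list(original), to_circular_list(actual))

# Constructed sample query template for illustration.
TEMPLATE = "SELECT * FROM users WHERE name = '{}' AND pass = '{}'"
```

A check like this only detects that the input changed the token structure of the query; parameterized queries remain the way to keep the input from being parsed as SQL at all.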



DOI: https://doi.org/10.26483/ijarcs.v2i5.737


Copyright (c) 2016 International Journal of Advanced Research in Computer Science