DEMERITS, DETECTION & PREVENTION OF SQL INJECTION ATTACKS OVER THE CLOUD COMPUTING

Authors

  • Smita Chavan, Assistant Professor, Information Technology Department, Government Engineering College, Aurangabad, India
  • Dr. Sharvaree Tamane, Professor, Information Technology Department, MGM’s Jawaharlal Nehru Engineering College, Aurangabad, India

DOI:

https://doi.org/10.61841/se5pmg69

Keywords:

SQL injection, Cloud computing, Input validation, Cloud security, Deployment models

Abstract

Web services that continuously deliver services to customers are connected to a backend database that contains highly sensitive information. As the demand for deploying such applications increases, so does the possibility of attacks that target them. The SQL injection attack (SQLIA) is the most popular security attack against web application systems. This type of attack is caused by a lack of SQL parameter use and input validation. Some popular SQL injection attacks that can affect the system, and their prevention techniques, are mentioned in this paper. In today’s internet world, securing data on the cloud is a very important issue. SQL injection is acknowledged as one of the most important challenges in securing web applications. It is the most sensitive SaaS vulnerability, allowing an attacker to break the integrity and confidentiality of users’ data, and it breaches the security policy. The attacker inserts code into the query that was not written by the application developer. SQL injection is also called a web security vulnerability. Mostly, it permits attackers to see data that they are otherwise not able to see. This paper proposes a simulation of six case studies of SQL injection attacks. The system presents SQL injection attacks with protection and without protection. The test case with protection works by specifying rules; once the rules are specified, ontology logic is used. The test case without protection involves the creation of an unknown user name or user history. The implementation of the system also classifies how an attack happens and the detection of attacks without protection and with protection.

Published

30.06.2020

How to Cite

Chavan, S., & Tamane, D. (2020). DEMERITS, DETECTION & PREVENTION OF SQL INJECTION ATTACKS OVER THE CLOUD COMPUTING. International Journal of Psychosocial Rehabilitation, 24(6), 12499-12507. https://doi.org/10.61841/se5pmg69