Analysis and Prevention of SQL Injection Attacks

Abstract

With the increasing trend of use of web services, the challenges about database security has also been increased consequently.Database security is one of the most essential factors in keeping stored information safe. These days, web applications are used widely as a meddler between computer users. Web applications are also used mostly by e-commerce companies, and these types of applications need a secured database in order to keep sensitive and confidential information. Since SQL injection attacks occurred as a new way of accessing database through the application rather than directly through the database itself, they have become popular among hackers and malicious users. We focus our research on SQLIA as most web applications are vulnerable to them. A novel technique to counter SQL injection has been proposed, which combines conservative static analysis and runtime monitoring to detect and stop illegal queries before they are executed on the database.In the static part, the technique builds a conservative model of the data structure of the legitimate queries that could be generated by the application. In its dynamic part, the technique inspects the dynamically generated queries for compliance with the statically-build model. Even for fast searching we use the concept of linked list and doubly linked list hash function. If the incoming query resembles with the valid query structures, they should be allowed for execution otherwise they are prevented from execution on the database server