Prevention of Web Application Against SQL-Injection Attack

Publisher

Department of Computer Science and Information Technology

Abstract

Web applications are accessed over the internet and so face the risks associated with internet use. There are numerous techniques for attacking the database of a web application, and one of the simplest is SQL Injection. SQL Injection is an attack method used by hackers to retrieve, manipulate, fabricate or delete information in an organization’s relational database through web applications. The information in the database is mainly an organization’s most important information, and attacks on it could threaten the organization’s confidentiality, availability, integrity and so on. The attack is simple: it requires knowledge of databases and server scripting languages but no special tool or experience. In this thesis work, we study the different attack techniques based on SQL Injection as they apply to the popular Internet Information Server Page/ASP.NET/SQL Server platform. We discuss some ways in which an attacker can inject SQL code into the database of a web application and then address some of the prevention techniques, together with our own prevention method, the transition table validation method, which is related to them through validation. Similarly, we also found that the execution time taken by a guarded statement is comparatively greater than the execution time taken by a normal statement.
