Full Paper View Go Back

Effectiveness of SQLI Countermeasures

Daljit Kaur1 , Parminder Kaur2

  1. Dept. of Computer Science, Lyallpur Khalsa College, Jalandhar, India.
  2. Dept. of Computer Science, Guru Nanak Dev University, Amritsar, India..

Correspondence should be addressed to: jeetudaljit@hotmail.com.


Section:Research Paper, Product Type: Isroset-Journal
Vol.5 , Issue.5 , pp.41-46, Oct-2017


CrossRef-DOI:   https://doi.org/10.26438/ijsrcse/v5i5.4146


Online published on Oct 30, 2017


Copyright © Daljit Kaur, Parminder Kaur . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library


XML View     PDF Download

How to Cite this Paper

  • IEEE Citation
  • MLA Citation
  • APA Citation
  • BibTex Citation
  • RIS Citation

IEEE Style Citation: Daljit Kaur, Parminder Kaur, “Effectiveness of SQLI Countermeasures,” International Journal of Scientific Research in Computer Science and Engineering, Vol.5, Issue.5, pp.41-46, 2017.

MLA Style Citation: Daljit Kaur, Parminder Kaur "Effectiveness of SQLI Countermeasures." International Journal of Scientific Research in Computer Science and Engineering 5.5 (2017): 41-46.

APA Style Citation: Daljit Kaur, Parminder Kaur, (2017). Effectiveness of SQLI Countermeasures. International Journal of Scientific Research in Computer Science and Engineering, 5(5), 41-46.

BibTex Style Citation:
@article{Kaur_2017,
author = {Daljit Kaur, Parminder Kaur},
title = {Effectiveness of SQLI Countermeasures},
journal = {International Journal of Scientific Research in Computer Science and Engineering},
issue_date = {10 2017},
volume = {5},
Issue = {5},
month = {10},
year = {2017},
issn = {2347-2693},
pages = {41-46},
url = {https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=475},
doi = {https://doi.org/10.26438/ijcse/v5i5.4146}
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO = {https://doi.org/10.26438/ijcse/v5i5.4146}
UR - https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=475
TI - Effectiveness of SQLI Countermeasures
T2 - International Journal of Scientific Research in Computer Science and Engineering
AU - Daljit Kaur, Parminder Kaur
PY - 2017
DA - 2017/10/30
PB - IJCSE, Indore, INDIA
SP - 41-46
IS - 5
VL - 5
SN - 2347-2693
ER -

735 Views    317 Downloads    197 Downloads
  
  

Abstract :
In the recent times web applications has become increasingly popular with the growth of web. At the same time, there is an increase in number of attacks in web applications. Attacks like injection vulnerabilities such as SQL Injection, Cross site Scripting, Cross site Request Forgery(CSRF) are common. This paper specially focuses on countermeasures of SQL Injection vulnerability. Here, we have implemented various attacks on a Giftshop web application and also classified SQL Injection countermeasures with respect to Software Development Life Cycle and tested them for their effectiveness with the help of vulnerability scanners. Finally, the result of vulnerability scanners are shown and analyzed before and after the implementation of known SQL Injection countermeasures.

Key-Words / Index Term :
SQL Injection; Attacks; Vulnerability scanners; Threats; Web application; Security

References :
[1] W.K. Torgby, N.Y.Asabere.”Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies”. International Journal of Computer applications Vol. 71, Issue.11 , Pp 29-40.ISSN: 0975-8887, 2013.
[2] M. Gandhi. and J. Baria. “SQL Injection Attacks in Web Application”. International Journal of Soft computing and Engineering (IJSCE), Vol2, Issue 6 ( Jan 2013). 189-191. ISSN:2231-2307. 2013.
[3] .Kaushik and G. Ojha.” SQL Injection Attack Detection and Prevention Methods :A Critical Review”, International Journal of Innovative Research in Science, engineering and Technology (IJIRSET), Vol3, Issue 4 .pp 11370-11377. ISSN: 2319-8753, 2014.
[4] K.Wei, M.Muthuprasanna and S.Kothari.”Preventing SQL injection Attacks in stored Procedures”. In Software Engineering Conference , Australia,2006.
[5] I.A.Elia, Fonseca,Vieira,”Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental study” in IEEE 21st International Symposium on Software Reliabiliry Engineering(ISSRE).pp 289-298,November 2010.
[6] K.X.Zhang, C.J. Lin, S. Chen, Y. Hwang. “TransSQL:A translation and Validation based solution for SQL Injection attacks”, In first international conference on Robot, Vision and Signal Processing, pp248-251.November 2011.
[7] R.Dharm, Shiva.,”Runtime monitors for tautology based SQL injection attacks”, In international conference on cyberSec,pp. 253-258. June 2012.
[8] T. Wei,Y.J.Feng,X.Jing. “ Attack Model Based Penetration Test for SQL Injection Vulnerability”, In IEEE 36th annual Computer Software and Applications Conference Workshops,pp. 589-594. July 2012.
[9] A.Sadeghian,Zamani, Manaf.,”A Taxonomy of SQL Injection Detectionand Prevention Techniques.”, In International Conference on Informatics and Creative Multimedia.pp. 53-56. September 2013.
[10] Aldar C.F.Chan, “A Security Framework for Privacy Preserving data aggregation in wireless sensor networks”, ACM Transactions on sensor networks. Vol 7, Issue 4, 29-40. DOI: 10.1145/1921621.1921623
[11] R.Piplode,P.sharma and U.K.Singh,”Study of Threats, Risks and Challenges in Cloud Computing”, International Journal of Scientific Research in Computer Science and Engineering, Volume 1, Isuue 1, 2013.
[12] M. Shema. “Seven Deadliest Web Application Attacks”, Elsevier Inc., pp47-69. ISBN-9781597495431,2010.
[13] D. Kaur, P. Kaur. “Empirical Analysis of Web Attacks”. In Procedia of Computer Science. Elsevier Publications. Volume 78, pp. 298-306. DOI:10.1016/j.procs.2016.02.057, 2016.
[14] S. Junaid. “Analytical Study of Common Web Application Attacks”. International Journal of Advanced Research in computer engineering & Technology (IJARCET)”, Vol.3, Issue3, 611-617.
[15] G. Parmar, K.Mathur. “Proposed Preventive measures and strategies Against SQL injection Attacks”. Indian Journal of Applied Research, Vol.5, Issue 5,pp 664-671. ISSN- 2249555X, 2015.
[16] S. Madan, S. Madan. “Bulwark Against SQL Injection attack – An Unified Approach”. International Journal of Computer Science and Network Security(IJCSNS), Vol. 10 No.5.pp 305-313. 2010.
[17] Mahapatra and S. Khan. “A Survey of SQL Injection Countermeasures”, International Journal of Computer science &engineering(IJCSES) Vol.3, No.3,pp.55-74. DOI : 10.5121/ijcses.2012.3305 55, June 2012
[18] William, Jeremy and Alessandro. “Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental study” in IEEE 21st International Symposium on Software Reliabiliry Engineering(ISSRE).pp. 289-298 , 2010.
[19] S. Kalaria and M.Vivekanandan. “Dark Side of SQL Injection”. In the proceedings of ASAR International Conference, Banglore, Pp 67-72. ISBN: 978-81-927147-0-7. April 2013.
[20] D.Gollmann. “Securing Web Applications”.Article in ELSEVIER Information Security Technical Report Volume 13 Issue1. Elsevier Advanced Technology Publications Oxford, UK. 1-9.DOI: 10.1016/j.istr.2008.02.002
[21] U.Aggarwal, M.Saxena,K.S. Rana.” A Survey of SQL Injection Attacks”. International Journal of Advanced Research in Computer Science and Software Engineering (IJARCSSE), vol.5, Issue 3. 286-289. ISSN:2277128X., March 2015.
[22] M.Kiani,Clark,Mohay, “Evaluation of Anomaly Based Character Distribution Models in Detection of SQL Injection attacks”. In 3rd International conference on Availability,Reliabilty and Security, pp 47-55, 2008.

Authorization Required

 

You do not have rights to view the full text article.
Please contact administration for subscription to Journal or individual article.
Mail us at  support@isroset.org or view contact page for more details.

Go to Navigation