KEMBAR78
SQL INJECTION ATTACKS.pptx
Uploaded byREMEGIUSPRAVEENSAHAY
PPTX, PDF21 views

SQL INJECTION ATTACKS.pptx

The document discusses avoiding vulnerability in web applications due to SQL injection attacks. It proposes using encryption techniques like AES encryption and secure hashing to encrypt SQL queries before sending them to the database. The proposed system architecture encrypts the username and password during registration using AES encryption, and then hashes the encrypted value for storage in the database. This makes unauthorized access and SQL injection attacks more difficult. Screenshots show the protected login page working to help prevent SQL injection attacks.

Download to read offline
LOYOLA – ICAM COLLEGE OF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
INTRODUCTION • Area Of Research: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
AGENDA • Abstract. • Existing system. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
ABSTRACT Web applications are steadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
EXISTING SYSTEM • Tame-card detection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
LIMITATIONS • SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
Literature survey Title Work done Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
Cont.. SQL INJECTION Attacks in Web Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
PROPOSED SYSTEM • AES encryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
ADVANTAGES • Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
OVERALL SYSTEM ARCHITECTURE Username Password Encrypted AES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
OVERALL SYSTEM ARCHITECTURE • SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
RESULTS Registering the username and password in the login page Username and Password stored in the login table
Unprotected login page Protected Login
Exit page
CONCLUSION • SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
REFERENCES [1] Priyanka, Vijay Kumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.
THANK YOU

More Related Content

PDF
Ijcet 06 10_005
byIAEME Publication
 
PDF
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PDF
SQL Injection Prevention by Adaptive Algorithm
byIOSR Journals
 
PDF
E017131924
byIOSR Journals
 
PDF
Op2423922398
byIJERA Editor
 
PDF
Ijcatr04041018
byEditor IJCATR
 
PDF
Prevention of SQL injection in E- Commerce
byijceronline
 
PDF
Cryptoghaphy
byanita bodke
 
Ijcet 06 10_005
byIAEME Publication
 
International Journal of Engineering Inventions (IJEI)
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
SQL Injection Prevention by Adaptive Algorithm
byIOSR Journals
 
E017131924
byIOSR Journals
 
Op2423922398
byIJERA Editor
 
Ijcatr04041018
byEditor IJCATR
 
Prevention of SQL injection in E- Commerce
byijceronline
 
Cryptoghaphy
byanita bodke
 

Similar to SQL INJECTION ATTACKS.pptx

PDF
IRJET - SQL Injection: Attack & Mitigation
byIRJET Journal
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PDF
Prevention of SQL Injection Attack in Web Application with Host Language
byIRJET Journal
 
PDF
Devoid Web Application From SQL Injection Attack
byIJRESJOURNAL
 
PPTX
cybersecurity and sql injection for students
byVeenaShree20
 
PPTX
SQL INJECTION
byAnoop T
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PPTX
Sql Injection
bypenetration Tester
 
PPT
Sql security
bySafwan Hashmi
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
PDF
Approaches to detect and prevent sql injection in web applications
bySandeep Kumbhar
 
PPTX
Understanding and preventing sql injection attacks
byKevin Kline
 
PDF
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
byijtsrd
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPTX
SQL injection implementation and prevention
byRejaul Islam Royel
 
PDF
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
byIRJET Journal
 
PPTX
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
PPTX
Sql injection
bySuraj Tiwari
 
IRJET - SQL Injection: Attack & Mitigation
byIRJET Journal
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
Prevention of SQL Injection Attack in Web Application with Host Language
byIRJET Journal
 
Devoid Web Application From SQL Injection Attack
byIJRESJOURNAL
 
cybersecurity and sql injection for students
byVeenaShree20
 
SQL INJECTION
byAnoop T
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Sql Injection
bypenetration Tester
 
Sql security
bySafwan Hashmi
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
Understanding SQL Injection_ A Guide to Website Security.docx
byOscp Training
 
Approaches to detect and prevent sql injection in web applications
bySandeep Kumbhar
 
Understanding and preventing sql injection attacks
byKevin Kline
 
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
byijtsrd
 
SQLSecurity.ppt
byLokeshK66
 
SQLSecurity.ppt
byCNSHacking
 
SQL injection implementation and prevention
byRejaul Islam Royel
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
byIRJET Journal
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
Sql injection
bySuraj Tiwari
 

Recently uploaded

PDF
How to Get a Business Loan for Your HVAC and Plumbing Company
byJake Thornhill
 
PDF
Recepta do kampanii The Swedish Prescription
byagatadrynko
 
PDF
Where Top 10 Uk -US Buy- Verified- Wise- Accounts___.pdf
byhttps://usashopsell.com/product/buy-verified-paypal-accounts/
 
PDF
Solving the Unsolvable: The 12 Fundamental Problems Archon™ Solves – Building...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
PDF
ICv2 White Paper 2025 - The New World of Comics
byDennisViau
 
PDF
How to Get a Business Loan for Your Travel Agency (Quick and Easy)
byJake Thornhill
 
PPTX
Kerala building tax act - James Joseph Adhikarathil Land problem solver
byJamesadhikaram land consultancy 9447464502
 
PDF
Everything that you always wanted to know about Linear Regression for a Senio...
byluc faucheux
 
PDF
Ms. Hikmat Matta, Spox
bySmiling Lungs
 
DOCX
Top 33 Site to Buying, Verified Coinbase Accounts A Complete Guide .docx
byTinVejos
 
PDF
_How to Buy Verified PayPal Account and Start Transactions ....pdf
bypvatopservice6
 
PDF
bitreport_testingtheimpactofvalueformoneymetricsonpensiondecisionmaking_june2...
byHenry Tapper
 
PPTX
ERP Odoo Presentation updated odoo basic modul
byyandiyyyyy
 
PDF
Title_ Old Gmail Accounts Use Cases.pdf.
bydarlahuffman3
 
PDF
Leadership Performance Learning Sprint Group Call #2 – Week 3
byChristopherVicGamuya
 
PDF
Jeremy Millul - Founded His Own Jewelry Business
byJeremy Millul
 
PPTX
Thermal Energy - Planet MicroCap Toronto - October 2025
byMarketing847413
 
PDF
Community Relations Report 2025_PEACE COIN_EN.pdf
byPEACE COIN
 
PPTX
Service Operations Management Framing service operations
byDinaAllam10
 
PDF
Andria Sergio - A Freelance Bookkeeper
byAndria Sergio
 
How to Get a Business Loan for Your HVAC and Plumbing Company
byJake Thornhill
 
Recepta do kampanii The Swedish Prescription
byagatadrynko
 
Where Top 10 Uk -US Buy- Verified- Wise- Accounts___.pdf
byhttps://usashopsell.com/product/buy-verified-paypal-accounts/
 
Solving the Unsolvable: The 12 Fundamental Problems Archon™ Solves – Building...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
ICv2 White Paper 2025 - The New World of Comics
byDennisViau
 
How to Get a Business Loan for Your Travel Agency (Quick and Easy)
byJake Thornhill
 
Kerala building tax act - James Joseph Adhikarathil Land problem solver
byJamesadhikaram land consultancy 9447464502
 
Everything that you always wanted to know about Linear Regression for a Senio...
byluc faucheux
 
Ms. Hikmat Matta, Spox
bySmiling Lungs
 
Top 33 Site to Buying, Verified Coinbase Accounts A Complete Guide .docx
byTinVejos
 
_How to Buy Verified PayPal Account and Start Transactions ....pdf
bypvatopservice6
 
bitreport_testingtheimpactofvalueformoneymetricsonpensiondecisionmaking_june2...
byHenry Tapper
 
ERP Odoo Presentation updated odoo basic modul
byyandiyyyyy
 
Title_ Old Gmail Accounts Use Cases.pdf.
bydarlahuffman3
 
Leadership Performance Learning Sprint Group Call #2 – Week 3
byChristopherVicGamuya
 
Jeremy Millul - Founded His Own Jewelry Business
byJeremy Millul
 
Thermal Energy - Planet MicroCap Toronto - October 2025
byMarketing847413
 
Community Relations Report 2025_PEACE COIN_EN.pdf
byPEACE COIN
 
Service Operations Management Framing service operations
byDinaAllam10
 
Andria Sergio - A Freelance Bookkeeper
byAndria Sergio
 

SQL INJECTION ATTACKS.pptx

  • 1.
    LOYOLA – ICAM COLLEGEOF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
  • 2.
    INTRODUCTION • Area OfResearch: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
  • 3.
    AGENDA • Abstract. • Existingsystem. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
  • 4.
    ABSTRACT Web applications aresteadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
  • 5.
    EXISTING SYSTEM • Tame-carddetection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
  • 6.
    LIMITATIONS • SQL Injectionhas become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
  • 7.
    Literature survey Title Workdone Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
  • 8.
    Cont.. SQL INJECTION Attacks inWeb Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
  • 9.
    PROPOSED SYSTEM • AESencryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
  • 10.
    ADVANTAGES • Confidentiality: SinceSQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
  • 11.
    OVERALL SYSTEM ARCHITECTURE Username Password EncryptedAES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
  • 12.
    OVERALL SYSTEM ARCHITECTURE •SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
  • 13.
    RESULTS Registering the usernameand password in the login page Username and Password stored in the login table
  • 14.
    Unprotected login pageProtected Login
  • 15.
  • 16.
    CONCLUSION • SQL queryis generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
  • 17.
    REFERENCES [1] Priyanka, VijayKumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.
  • 18.