
SQL FILTER – SQL Injection Prevention and Logging Using Dynamic Network Filter

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 467)

Abstract

The web has become a buzzword for business in recent times. With the increase in attacks, web database applications have become more vulnerable. Structured Query Language is most commonly used for database attacks. According to the Open Web Application Security Project (OWASP), the top 5 attacks out of 10 are related to Structured Query Language (SQL). Database attack solutions fall into two categories: defensive coding and filters. The focus of such attacks is on data manipulation, data theft and bypassing authorization. In this paper, the authors have prepared a dynamic network filter to detect and prevent database attacks.




Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Doshi, J.C., Christian, M., Trivedi, B.H. (2014). SQL FILTER – SQL Injection Prevention and Logging Using Dynamic Network Filter. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_39


  • DOI: https://doi.org/10.1007/978-3-662-44966-0_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44965-3

  • Online ISBN: 978-3-662-44966-0

  • eBook Packages: Computer Science, Computer Science (R0)
