Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 515)

Abstract

SQL injection is a predominant type of attack and threat to web applications. This attack attempts to subvert the relationship between a webpage and its supporting database. Due to the widespread availability of valuable data and automated tools on the web, attackers are motivated to launch high-profile attacks on targeted websites. This paper is an effort to understand the current state of SQL injection attacks. Different researchers have proposed various solutions to address SQL injection problems. In this research work, those countermeasures are identified and applied to a vulnerable application and database system, and the results are illustrated.

Correspondence to Daljit Kaur.

© 2017 Springer Nature Singapore Pte Ltd.

Cite this paper

Kaur, D., Kaur, P. (2017). SQLI Attacks: Current State and Mitigation in SDLC. In: Satapathy, S., Bhateja, V., Udgata, S., Pattnaik, P. (eds) Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications. Advances in Intelligent Systems and Computing, vol 515. Springer, Singapore. https://doi.org/10.1007/978-981-10-3153-3_67

  • DOI: https://doi.org/10.1007/978-981-10-3153-3_67

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3152-6

  • Online ISBN: 978-981-10-3153-3

  • eBook Packages: Engineering, Engineering (R0)
