Abstract
With the growth in web based applications that employ database services, SQL Injection is becoming one of the repeatedly used exploits. It permits an intruder to gain control over the database of an application, thereby able to read and modify confidential data. This paper illustrates few different forms of SQL injection and based on observation, it is seen that SQL Injection is interpreted differently on different databases. Also, an effective solution is proposed for the prevention of these categories of injection attacks. The authors suggest an approach in which the value entered for every field is checked for an SQL injection attack by parsing it through a grammar that detects SQL injection. If successfully parsed then probably, an SQL injection attack was intended. If not, the entry was legitimate and the database can be coordinated.
| Original language | English |
|---|---|
| Title of host publication | International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Electronic) | 9781467366670 |
| DOIs | |
| Publication status | Published - 15-06-2016 |
| Externally published | Yes |
| Event | 2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 - Bangalore, India Duration: 21-12-2015 → 22-12-2015 |
Conference
| Conference | 2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 |
|---|---|
| Country/Territory | India |
| City | Bangalore |
| Period | 21-12-15 → 22-12-15 |
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Hardware and Architecture
- Control and Systems Engineering
- Instrumentation