Framework of SQL Injection Attack
Neha Patwari, Parvati Bhurani

TL;DR
This paper presents a novel parser-based framework utilizing context-free grammars and compiler techniques to detect and prevent SQL Injection Attacks in web applications, enhancing database security.
Contribution
It introduces a SQLI Prevent Parser that analyzes query structures for equivalence, offering a dynamic and effective method to prevent SQL Injection Attacks.
Findings
Successfully applied on a sample web application
Positive results in detecting and preventing SQL Injection Attacks
Demonstrated effectiveness of parser-based approach
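A minimal illustration of the structure-equivalence idea named under Contribution, added here as an example; it is not the authors' SQLI Prevent Parser or code from the paper. The query template, the table and column names, the function names and the regex tokenizer (a simplification standing in for a grammar-based parser) are all assumptions.

```python
import re

# Minimal SQL tokenizer for this demonstration; not a full SQL grammar.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|[=<>*,();.+\-/])
""", re.VERBOSE | re.DOTALL)

def structure(sql):
    """Return the query's token skeleton with every literal value abstracted away."""
    out, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if not m:                       # e.g. an unterminated quote
            out.append(("INVALID", sql[pos]))
            pos += 1
            continue
        kind, pos = m.lastgroup, m.end()
        if kind == "ws":
            continue
        if kind in ("string", "number"):
            out.append(("LITERAL", None))
        elif kind == "comment":
            out.append(("COMMENT", None))
        elif kind == "word":
            out.append(("WORD", m.group().upper()))
        else:
            out.append(("OP", m.group()))
    return out

def build_query(name):
    # Hypothetical server-side script: naive string concatenation.
    return "SELECT id, email FROM users WHERE name = '" + name + "'"

def structure_preserved(build, user_input, benign="x"):
    """True if the input leaves the skeleton identical to that of a known-benign value."""
    return structure(build(user_input)) == structure(build(benign))

if __name__ == "__main__":
    # Constructed sample inputs.
    for value in ["alice", "O''Brien", "O'Brien", "x' OR '1'='1", "admin' --"]:
        verdict = "allow" if structure_preserved(build_query, value) else "block"
        print(f"{verdict:5}  {value!r}")
```

An input is blocked only when it changes the token skeleton, so SQL-looking text that stays inside the string literal is allowed, while an unescaped quote is blocked because it genuinely alters the query.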
Abstract
With the changing demographics of globalization, the emergence and prevalence of web applications have acquired a central and pivotal role in the domains of technology and advancement. It thus becomes imperative to probe deeply into their architecture, significance and different facets of usage. Web applications handle the interaction between a user and the services provided by the server, which has a database as its backend. The user can access the required information by sending a request in the form of text to the web server, which is interpreted by the server-side script to construct an SQL query. The query is sent to the database, which responds in order to generate an HTML page that is sent back to the user. Since the functioning of web applications is a dynamic and complicated matter, certain threats to database security have been registered. One such alarming threat is the…
Taxonomy
Topics: Web Application Security Vulnerabilities · Security and Verification in Computing · Digital and Cyber Forensics
