Improvements to real-time techniques used to protect Web Applications from SQL injections attacks
Session
Computer Science and Communication Engineering
Description
SQL injection is a prevalent technique that attackers use to compromise the database behind most web applications by manipulating the SQL queries sent to the Relational Database Management System (RDBMS). The aim is to obtain confidential information held in the underlying database, to alter the stored data, or to destroy the database or the server on which the data reside. Many techniques have been proposed over the years as efficient SQL injection preventers for web applications, using datasets. In this presentation we consider this web-based attack and its prevention technique in real-time web applications, and also present ways to implement the same approach for binary applications. The presentation extends some previous techniques, using real-time detection based on positive tainting, accurate and efficient taint propagation, and syntax-aware evaluation of query strings. These techniques work in a real-time environment at the application level to detect illegal queries before they reach the database. They include three preventive mechanisms: parameterized stored procedures, customized error messages, and encrypted stored procedures in the SQL server.
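The positive tainting, taint propagation and syntax-aware evaluation described above, as an added illustration that is not code from the presentation: hard-coded SQL text is marked trusted, request data is untrusted by default, concatenation carries the marks along, and before execution every keyword, operator or comment marker must be built entirely from trusted characters. The tokenizer covers only a small SQL subset, and `user_lookup` is a constructed query, both assumptions of this example.

```python
import re

# Tokenizer for the subset of SQL syntax the check needs to recognise (assumed, simplified).
TOKEN = re.compile(r"""
    '(?:[^']|'')*'             # string literal ('' is an escaped quote)
  | \d+(?:\.\d+)?              # numeric literal
  | --|/\*|\*/                 # comment markers
  | [A-Za-z_][A-Za-z_0-9]*     # keyword or identifier
  | <>|<=|>=|[=<>;(),*+\-/]    # operators and punctuation
  | \s+                        # whitespace
  | .                          # anything else (e.g. a stray quote)
""", re.VERBOSE)

class TStr:
    """A string with a per-character trust mask (True = originated in the program)."""
    def __init__(self, text, trusted):
        self.text = text
        self.mask = [trusted] * len(text)

    def __add__(self, other):
        # Taint propagation: concatenation keeps each character's own mark.
        out = TStr("", True)
        out.text = self.text + other.text
        out.mask = self.mask + other.mask
        return out

def is_legal(query):
    """Syntax-aware evaluation: keywords, identifiers, operators and comment markers must be
    fully trusted; string and numeric literals may hold untrusted data, since values belong there."""
    pos = 0
    while pos < len(query.text):
        m = TOKEN.match(query.text, pos)
        tok = m.group()
        if not (tok[0] == "'" or tok[0].isdigit() or tok.isspace()):
            if not all(query.mask[pos:m.end()]):
                return False  # SQL structure was shaped by untrusted input
        pos = m.end()
    return True

def user_lookup(username):
    """Constructed query: the SQL text is hard-coded (trusted); the name comes from the request."""
    return (TStr("SELECT id FROM users WHERE name = '", True)
            + TStr(username, False)
            + TStr("'", True))
```

A benign name such as `alice` or the escaped `O''Brien` passes, while input that introduces an `OR`, a `;` or a `--` outside a literal is rejected before the query reaches the database.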
Keywords:
SQL Injection, Web Applications, Security, Database
Session Chair
Felix Breitenecker
Session Co-Chair
Edmond Jajaga
Proceedings Editor
Edmond Hajrizi
ISBN
978-9951-437-69-1
Location
Pristina, Kosovo
Start Date
27-10-2018 3:15 PM
End Date
27-10-2018 4:45 PM
DOI
10.33107/ubt-ic.2018.95
Recommended Citation
Beta, Dhori, "Improvements to real-time techniques used to protect Web Applications from SQL injections attacks" (2018). UBT International Conference. 95.
https://knowledgecenter.ubt-uni.net/conference/2018/all-events/95