Advertisement
Published in:
01-02-2015 | Original Paper
MAC based solution for SQL injection
Published in: Journal of Computer Virology and Hacking Techniques | Issue 1/2015
Log inActivate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Abstract
With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers’ lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable asset in any organization. SQL injection is an attack technique used to exploit code by altering back-end SQL statements through manipulating input. An attacker can directly compromise the database, that’s why this is a most threatening attack. SQL injection attack occupies first position in top ten vulnerabilities as specified by Open Web Application Security Project [12]. It is probably the most common Website vulnerability today! Current scenarios which provide solutions to SQL injection attack either have limited scope i.e. can’t be implemented in all platforms or do not cover all types of SQL injection attacks. In this work we implement Detection Block model against SQL injection attacks. The model works both on client and server side. Client side implements a filter function and server side is based on information theory. MAC static and dynamic query which is derived from entropy is compared to detect an attack.