2011 | OriginalPaper | Chapter
SQLIVD - AOP: Preventing SQL Injection Vulnerabilities Using Aspect Oriented Programming through Web Services
Authors : V. Shanmughaneethi, Ra. Yagna Pravin, C. Emilin Shyni, S. Swamynathan
Published in: High Performance Architecture and Grid Computing
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Security remains a major threat to the entire Web for many kinds of transactions. Most of the threats are created through application level vulnerabilities and have been exploited with serious consequences. Among the various types of application level vulnerabilities, command injection is the most common type of threat in web applications. Among command injection attack, SQL injection type of attacks are extremely prevalent, and ranked as the second most common form of attack on web. SQL injection attacks involve the construction of application’s input data that will result in the execution of malicious SQL statements. Hence, this paper (SQLIVD-AOP) proposes a mechanism to intercept SQL statements without any modification of an application using Aspect Oriented Programming and to analyze the query for its legitimacy, and to customize the errors. This mechanism is different from others by query interception and separation of the main scripting code with SQL injection code. The SQL validations and injection detections code are implemented by means of web services.