SQLIVD - AOP: Preventing SQL Injection Vulnerabilities Using Aspect Oriented Programming through Web Services

Security remains a major threat to the entire Web for many kinds of transactions. Most of the threats are created through application level vulnerabilities and have been exploited with serious consequences. Among the various types of application level vulnerabilities, command injection is the most common type of threat in web applications. Among command injection attack, SQL injection type of attacks are extremely prevalent, and ranked as the second most common form of attack on web. SQL injection attacks involve the construction of application’s input data that will result in the execution of malicious SQL statements. Hence, this paper (SQLIVD-AOP) proposes a mechanism to intercept SQL statements without any modification of an application using Aspect Oriented Programming and to analyze the query for its legitimacy, and to customize the errors. This mechanism is different from others by query interception and separation of the main scripting code with SQL injection code. The SQL validations and injection detections code are implemented by means of web services.