Paper Title
An Efficient Technique for Finding SQL Injection using Reverse Proxy Server
Abstract
One of the most serious threats to data-driven applications is SQL injection. Web applications that are
vulnerable to SQL injection may permit an attacker to gain broad access to their underlying databases. A SQL Injection
Attack (SQLIA) sometimes starts with identifying weaknesses in the application where unrestricted user input is transformed into
database queries. There are several ways of detecting and preventing SQLIA, such as the Hybrid Method, Decision Tree
Classification, Hidden Markov Model, removal of parameter values, Dynamic SQL, and Stored Procedures. No single
technique can detect and prevent all types of SQL injection attack. By exploiting vulnerabilities in a web
application, an attacker can pass through the security system even when a custom firewall and IDS are in place to secure
the application. A reverse proxy could be a technique that sanitizes the user's input. In this technique a filter program
redirects the user's input to the proxy server before it is sent to the application server, and a data cleansing algorithm is
triggered using a sanitizing application. The data cleansing algorithm uses sanitization to check whether the user input
contains malicious code. If malicious patterns are found, the user's request is rejected; otherwise it is
passed to the application server.
Keywords - SQL Injection, SQL Attack, Cross Site Script, Security Threats, Run Time Monitoring.
Author - Raj Agarwal, Sumedha Sirsikar
Published: Volume-6, Issue-9 (Sep, 2019)
DOIONLINE Number - IJAECS-IRAJ-DOIONLINE-16274
Published on 2019-11-28