期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2015
卷号:3
期号:3
DOI:10.15680/ijircce.2015.0303129
出版社:S&S Publications
摘要:SQL injection is a technique where the attacker injects an input in the query in order to change thestructure of the query intended by the programmer and gaining the access of the database which results modification ofthe user‘s data. In the SQL injection it exploits a security vulnerability of data occurring in database layer of anapplication. SQL injection attack is the most common attack in websites in these days. Some malicious codes getinjected to the database by unauthorized users and get the access of the database due to lack of input validation. Inputvalidation is the most critical part of software security that is not properly covered in the design phase of softwaredevelopment life-cycle resulting in many security vulnerabilities. This paper presents the techniques for detection andprevention of SQL injection attack. There are no full proof defences available against such type of attacks. In this papersome predefined method of detection and modern techniques are discussed. This paper also describes countermeasuresof SQL injection..
关键词:Web Application; SQLIA; detection; prevention; vulnerabilities; and web architecture
