An authentication mechanism to prevent SQL injection by syntactic analysis

Ashwin Ramesh, Anirban Bhowmick, Anand Vardhan Lal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

With the growth in web-based applications that employ database services, SQL injection is becoming one of the most repeatedly used exploits. It permits an intruder to gain control over the database of an application and thereby to read and modify confidential data. This paper illustrates a few different forms of SQL injection and, based on observation, shows that SQL injection is interpreted differently on different databases. An effective solution is also proposed for the prevention of these categories of injection attacks. The authors suggest an approach in which the value entered for every field is checked for an SQL injection attack by parsing it through a grammar that detects SQL injection. If the value is parsed successfully, an SQL injection attack was probably intended. If not, the entry was legitimate and the database can be coordinated.

Original language: English
Title of host publication: International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781467366670
DOI: https://doi.org/10.1109/ITACT.2015.7492650
Publication status: Published - 15-06-2016
Externally published: Yes
Event: 2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 - Bangalore, India
Duration: 21-12-2015 to 22-12-2015

Conference

Conference: 2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015
Country: India
City: Bangalore
Period: 21-12-15 to 22-12-15


All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Control and Systems Engineering
  • Instrumentation

Cite this

Ramesh, A., Bhowmick, A., & Lal, A. V. (2016). An authentication mechanism to prevent SQL injection by syntactic analysis. In International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 [7492650] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ITACT.2015.7492650