An authentication mechanism to prevent SQL injection by syntactic analysis

Ashwin Ramesh, Anirban Bhowmick, Anand Vardhan Lal

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

With the growth in web based applications that employ database services, SQL Injection is becoming one of the repeatedly used exploits. It permits an intruder to gain control over the database of an application, thereby able to read and modify confidential data. This paper illustrates few different forms of SQL injection and based on observation, it is seen that SQL Injection is interpreted differently on different databases. Also, an effective solution is proposed for the prevention of these categories of injection attacks. The authors suggest an approach in which the value entered for every field is checked for an SQL injection attack by parsing it through a grammar that detects SQL injection. If successfully parsed then probably, an SQL injection attack was intended. If not, the entry was legitimate and the database can be coordinated.

Original languageEnglish
Title of host publicationInternational Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781467366670
DOIs
Publication statusPublished - 15-06-2016
Externally publishedYes
Event2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 - Bangalore, India
Duration: 21-12-201522-12-2015

Conference

Conference2015 International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015
CountryIndia
CityBangalore
Period21-12-1522-12-15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Control and Systems Engineering
  • Instrumentation

Fingerprint Dive into the research topics of 'An authentication mechanism to prevent SQL injection by syntactic analysis'. Together they form a unique fingerprint.

  • Cite this

    Ramesh, A., Bhowmick, A., & Lal, A. V. (2016). An authentication mechanism to prevent SQL injection by syntactic analysis. In International Conference on Trends in Automation, Communication and Computing Technologies, I-TACT 2015 [7492650] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ITACT.2015.7492650