An effective method for preventing SQL injection attack and session hijacking

Karis D'silva, J. Vanajakshi, K. N. Manjunath, Srikanth Prabhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Today's world is very much dependent on the web applications, may it be shopping or financial transactions. Providing security to these web applications isvery important. Most of the transaction information or the customer information is stored in the backend databases for these web applications. One of the vulnerabilities of these web applications is SQL (Structured Query Language) injection attack. Also, the web application sessions are prone to session hijacking attack, if the adversary can get hold of the session id. Considering that there are various tools available to retrieve session/HTTP cookies, this makes web applications very vulnerable session hijacking attacks. Though there are many ways proposed to defend the databases against SQL injection attacks, there is no sure shot way to prevent these SQL injection attacks. This project proposes an efficient technique for the prevention of SQL injection attack and session hijacking. The hashing technique is used for implementing the preventionthese attacks.

Original languageEnglish
Title of host publicationRTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages697-701
Number of pages5
Volume2018-January
ISBN (Electronic)9781509037049
DOIs
Publication statusPublished - 12-01-2018
Event2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, RTEICT 2017 - Bangalore, India
Duration: 19-05-201720-05-2017

Conference

Conference2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, RTEICT 2017
CountryIndia
CityBangalore
Period19-05-1720-05-17

Fingerprint

air piracy
query languages
Query languages
Query Language
attack
transaction
Web Application
Injection
Attack
injection
vulnerability
customer
Transactions
HTTP
World Wide Web
Hashing
Vulnerability
shot
Customers

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Media Technology
  • Control and Optimization
  • Instrumentation
  • Transportation
  • Communication

Cite this

D'silva, K., Vanajakshi, J., Manjunath, K. N., & Prabhu, S. (2018). An effective method for preventing SQL injection attack and session hijacking. In RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings (Vol. 2018-January, pp. 697-701). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/RTEICT.2017.8256687
D'silva, Karis ; Vanajakshi, J. ; Manjunath, K. N. ; Prabhu, Srikanth. / An effective method for preventing SQL injection attack and session hijacking. RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings. Vol. 2018-January Institute of Electrical and Electronics Engineers Inc., 2018. pp. 697-701
@inproceedings{8d8d6f360bd242b59b85eacba0918ad8,
title = "An effective method for preventing SQL injection attack and session hijacking",
abstract = "Today's world is very much dependent on the web applications, may it be shopping or financial transactions. Providing security to these web applications isvery important. Most of the transaction information or the customer information is stored in the backend databases for these web applications. One of the vulnerabilities of these web applications is SQL (Structured Query Language) injection attack. Also, the web application sessions are prone to session hijacking attack, if the adversary can get hold of the session id. Considering that there are various tools available to retrieve session/HTTP cookies, this makes web applications very vulnerable session hijacking attacks. Though there are many ways proposed to defend the databases against SQL injection attacks, there is no sure shot way to prevent these SQL injection attacks. This project proposes an efficient technique for the prevention of SQL injection attack and session hijacking. The hashing technique is used for implementing the preventionthese attacks.",
author = "Karis D'silva and J. Vanajakshi and Manjunath, {K. N.} and Srikanth Prabhu",
year = "2018",
month = "1",
day = "12",
doi = "10.1109/RTEICT.2017.8256687",
language = "English",
volume = "2018-January",
pages = "697--701",
booktitle = "RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

D'silva, K, Vanajakshi, J, Manjunath, KN & Prabhu, S 2018, An effective method for preventing SQL injection attack and session hijacking. in RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings. vol. 2018-January, Institute of Electrical and Electronics Engineers Inc., pp. 697-701, 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, RTEICT 2017, Bangalore, India, 19-05-17. https://doi.org/10.1109/RTEICT.2017.8256687

An effective method for preventing SQL injection attack and session hijacking. / D'silva, Karis; Vanajakshi, J.; Manjunath, K. N.; Prabhu, Srikanth.

RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings. Vol. 2018-January Institute of Electrical and Electronics Engineers Inc., 2018. p. 697-701.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - An effective method for preventing SQL injection attack and session hijacking

AU - D'silva, Karis

AU - Vanajakshi, J.

AU - Manjunath, K. N.

AU - Prabhu, Srikanth

PY - 2018/1/12

Y1 - 2018/1/12

N2 - Today's world is very much dependent on the web applications, may it be shopping or financial transactions. Providing security to these web applications isvery important. Most of the transaction information or the customer information is stored in the backend databases for these web applications. One of the vulnerabilities of these web applications is SQL (Structured Query Language) injection attack. Also, the web application sessions are prone to session hijacking attack, if the adversary can get hold of the session id. Considering that there are various tools available to retrieve session/HTTP cookies, this makes web applications very vulnerable session hijacking attacks. Though there are many ways proposed to defend the databases against SQL injection attacks, there is no sure shot way to prevent these SQL injection attacks. This project proposes an efficient technique for the prevention of SQL injection attack and session hijacking. The hashing technique is used for implementing the preventionthese attacks.

AB - Today's world is very much dependent on the web applications, may it be shopping or financial transactions. Providing security to these web applications isvery important. Most of the transaction information or the customer information is stored in the backend databases for these web applications. One of the vulnerabilities of these web applications is SQL (Structured Query Language) injection attack. Also, the web application sessions are prone to session hijacking attack, if the adversary can get hold of the session id. Considering that there are various tools available to retrieve session/HTTP cookies, this makes web applications very vulnerable session hijacking attacks. Though there are many ways proposed to defend the databases against SQL injection attacks, there is no sure shot way to prevent these SQL injection attacks. This project proposes an efficient technique for the prevention of SQL injection attack and session hijacking. The hashing technique is used for implementing the preventionthese attacks.

UR - http://www.scopus.com/inward/record.url?scp=85046262358&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85046262358&partnerID=8YFLogxK

U2 - 10.1109/RTEICT.2017.8256687

DO - 10.1109/RTEICT.2017.8256687

M3 - Conference contribution

AN - SCOPUS:85046262358

VL - 2018-January

SP - 697

EP - 701

BT - RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

D'silva K, Vanajakshi J, Manjunath KN, Prabhu S. An effective method for preventing SQL injection attack and session hijacking. In RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings. Vol. 2018-January. Institute of Electrical and Electronics Engineers Inc. 2018. p. 697-701 https://doi.org/10.1109/RTEICT.2017.8256687