Prevention of Website SQL Injection Using a New Query Comparison and Encryption Algorithm
Keywords:
SQL Injection, Prevention, Character Spacing, SQLPMDS, SIUQAPTT, Bind SQL InjectionAbstract
Nowadays, a web application has become necessary in all organizations. Which deals directly with the databases in which data and information are stored, organized, retrieved, and processed. Therefore, most of its attacks are on databases. Therefore, web applications must be secure enough to prevent access to customs databases, destruction, and theft of bank accounts and transactions. Thus, most SQL injection attacks are carried out through character spacing, as it is the tool used by hackers to find a vulnerability on the web. This paper proposes a new algorithm to prevent hackers from accessing databases early on through the web application without accessing databases. The proposed algorithm is designed to protect the web application from being voluntarily inserted by using a bind parameter, blocking the hacker's address, and rejecting his request when executing the query. Also, this algorithm is designed to work in more than one layer, as it works at the web application and URL levels so that things are sufficiently protected. The comparison was made with the algorithms SQLPMDS, SIUQAPTT, and blind SQL injection, and the results showed that the presented algorithm gave better results based on more than one measure.
Downloads
References
Bayyapu, N., SQL Injection Attacks and Mitigation Strategies: The Latest Comprehension, in Advances in Cybersecurity Management, K. Daimi and C. Peoples, Editors. 2021, Springer International Publishing: Cham. p. 199-220.
Chen, D., et al., SQL Injection Attack Detection and Prevention Techniques Using Deep Learning. Journal of Physics: Conference Series, 2021. 1757(1): p. 012055.
Marashdeh, Z., K. Suwais, and M. Alia. A Survey on SQL Injection Attack: Detection and Challenges. in 2021 International Conference on Information Technology (ICIT). 2021.
Latchoumi, T.P., M.S. Reddy, and K. Balamurugan, Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention. European Journal of Molecular & Clinical Medicine, 2020. 7(2): p. 3543-3553.
Voitovych, O.P., O.S. Yuvkovetskyi, and L.M. Kupershtein. SQL injection prevention system. in 2016 International Conference Radio Electronics & Info Communications (UkrMiCo). 2016.
Shanmughaneethi, V., et al., SQLIVD - AOP: Preventing SQL injection vulnerabilities using aspect oriented programming through web services. Vol. 169. 2011. 327-337.
Lu, D., et al. A GAN-based Method for Generating SQL Injection Attack Samples. in 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 2022.
Nikita, P., Fahim, and S. Soni, SQL Injection Attacks: Techniques and Protection Mechanisms. International Journal on Computer Science and Engineering, 2011. 3.
Singh, N. and P. Tiwari. SQL Injection Attacks, Detection Techniques on Web Application Databases. in Rising Threats in Expert Applications and Solutions. 2022. Singapore: Springer Nature Singapore.
Kar, D. and S. Panigrahi, Prevention of SQL Injection attack using query transformation and hashing. 2013. 1317-1323.
Raut, S., et al., A Review on Methods for Prevention of SQL Injection Attack. International Journal of Scientific Research in Science and Technology, 2019: p. 463-470.
Kini, S., et al. SQL Injection Detection and Prevention using Aho-Corasick Pattern Matching Algorithm. in 2022 3rd International Conference for Emerging Technology (INCET). 2022.
Harefa, J., et al., SEA WAF: The Prevention of SQL Injection Attacks on Web Applications. Advances in Science, Technology and Engineering Systems Journal, 2021. 6: p. 405-411.
Ojagbule, O., H. Wimmer, and R.J. Haddad. Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP. in SoutheastCon 2018. 2018.
McWhirter, P.R., et al., SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel. Journal of Information Security and Applications, 2018. 40: p. 199-216.
Chaki, S.M.H., M. Mat Din, and M. Md Siraj, Integration of SQL Injection Prevention Methods. International Journal of Innovative Computing, 2019. 9(2).
Maheshwarkar, B. and N. Maheshwarkar, SIUQAPTT: SQL Injection Union Query Attacks Prevention Using Tokenization Technique. 2016. 1-4.
Binu, S. and A. Albert, Proposed Method for SQL Injection Detection and its Prevention. 2018.
Aljebry, A.F., Y.M. Alqahtani, and N. Sulaiman. Analyzing Security Testing Tools for Web Applications. in International Conference on Innovative Computing and Communications. 2022. Singapore: Springer Singapore.
Yenduri, R. and M. Al-khassaweneh. PHP: Vulnerabilities and Solutions. in 2022 2nd International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC). 2022.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.