Network Security Threat Vulnerability Prevention System For SQL Injection Attack

Abstract

Over the past decade, millions of businesses have embraced the web as an inexpensive channel for communicating and exchanging information with prospects and conducting transactions with customers. Web applications are computer programs that allow website visitors to submit data to, and retrieve data from, a database over the Internet using their preferred web browser. The data is then presented to the user within the browser, as the web application generates the information dynamically (in a specific format, e.g. HTML with CSS) through a web server. Because of these features, it is possible to perform various attacks against web applications. SQL injection is one of the oldest and most dangerous web application vulnerabilities. Attackers can execute malicious SQL commands that allow them to control a web application's database, letting them access or delete data and change the application database. An SQL injection vulnerability could affect any website or web application, and it occurs when an application uses untrusted data. SQL injection, also known as SQLIA, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. SQL injection can have an impact on a business. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.

In this thesis we propose a filter mechanism to prevent SQL injection in a web application. We designed an SQLIA signature pattern filter, placed between the user and the application server, to intercept every request coming from the user. The filter program analyzes the input data to detect attack patterns. If any pattern matches an attack signature, the filter redirects the request to a page that displays an error message. Our filter approach has been implemented successfully and is fully able to fix SQLIA vulnerabilities. The proposed SQLIA prevention system was implemented, and its performance evaluated, with the PHP server scripting language. The results obtained from the implementation and evaluation are measured in number of test cases. The results show that the output is encouraging and that further refinement of the work can produce a more robust and reliable SQLIA prevention system.
