International Journal of Soft Computing and Engineering (IJSCE)
ISSN: 2231-2307, Volume-3, Issue-1, March 2013
Efficient Solution for SQL Injection Attack
Detection and Prevention
Munqath H. Alattar, S.P. Medhane
Abstract— SQL injection is the most common attack on web applications and one of the exploits most widely used by attackers around the world. A malicious attacker can do a great deal of harm if he wishes to. SQL injection is a security vulnerability that occurs in the database layer of an application: it is a technique for passing SQL code into interactive web applications that use database services. A successful SQL injection attack can lead to the leak of confidential information such as credit card numbers, commercial information and table structure; the attacker can obtain the entire schema of the original database and also corrupt it. In this paper we propose a Detection Model for SQL Injection Vulnerabilities and an SQL Injection Mitigation Framework. These approaches are based on SQL injection grammar to identify SQL injection vulnerabilities during software development and SQL injection attacks on web-based applications.

Keywords— SQL Injection; Security Assessment; Vulnerabilities; Pattern Matching; SQL Query.

I. INTRODUCTION

SQL injection is a type of injection attack on a web application in which the attacker supplies Structured Query Language (SQL) code to a user input box of a web form in order to gain unauthorized and unlimited access. The attacker's input is transmitted into an SQL query in such a way that it becomes part of the SQL code. OWASP classifies it as one of the Top 10 (2010) web application vulnerabilities experienced by web applications [6].

As web services grow, more and more applications rely on the web: online banking, university admissions, shopping, and numerous government activities. These activities are key elements of today's web infrastructure. Web applications are applications that can be accessed over the web using any browser running on any operating system and architecture. They have become ubiquitous because of the convenience, flexibility, availability and interoperability they provide. Web applications are susceptible to a variety of new security threats, and SQL injection attacks (SQLIAs) are among the most significant of them. SQLIAs are increasing continuously and pose very serious security risks, because they can give attackers unrestricted access to the databases that underlie web applications.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application: an attacker tricks the database server into running an arbitrary, unauthorized and unintended SQL query by piggybacking additional SQL elements on top of an existing, predefined query that the application meant to execute. The application, which is usually but not necessarily a web application, sends this query to its database server, where it is executed.

Manuscript received on March, 2013.
Munqath H. Alattar, Information Technology Department, College of Engineering, Bharati Vidyapeeth University, Pune, India.
Prof. S.P. Medhane, Information Technology Department, College of Engineering, Bharati Vidyapeeth University, Pune, India.

II. LITERATURE REVIEW

Various techniques have been proposed for preventing SQL injection attacks:

Boyd and Keromytis (2004) proposed SQLrand, which uses instruction-set randomization of SQL statements to check for SQL injection attacks. It uses a proxy to append a key to the SQL keywords. A de-randomizing proxy then converts the randomized query into proper SQL queries for the database. The key is not known to the attacker, so the code injected by the attacker is treated as undefined keywords and expressions; these cause runtime exceptions and the query is not sent to the database. The disadvantages of this method are its complicated configuration and its dependence on the secrecy of the key: if the key is exposed, the attacker can formulate queries for a successful attack.

Russell A. McClure and Ingolf H. Kruger (2005) proposed SQL DOM (SQL Domain Object Model): a set of classes that are strongly typed to a database schema. It is based on compile-time checking of dynamic SQL statements. Instead of string manipulation, these classes are used to generate SQL statements. They show how to extract the SQL DOM automatically from an existing database schema, demonstrate its applicability to solving the problem, and evaluate its performance.

Ke Wei et al. (2006) proposed a novel technique to defend against attacks targeted at stored procedures. The technique combines static application code analysis with runtime validation to eliminate the occurrence of such attacks. In the static part, they design a stored procedure parser, and for any SQL statement that depends on user inputs they use this parser to instrument the necessary statements in order to compare the original SQL statement structure with the structure obtained once user inputs are included. Deployment of the technique is automated and used on a need-only basis. They also provide a preliminary evaluation of the proposed technique, performed on several stored procedures in an SQL Server 2005 database.

Cova, Balzarotti et al. (2007) proposed an anomaly-based approach for the detection of violations in web applications. They use "Swaddler" to analyze the internal state of a web application and learn the relationships between critical points and the internal state. By doing this, Swaddler is able to identify attacks that attempt to bring about violations of the intended workflow of a web application.
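The keyword randomization of Boyd and Keromytis described above, illustrated with an added Python example. This is not the paper's code and not SQLrand's implementation: it assumes a numeric key appended to every SQL keyword in the application's hard-coded query templates and a proxy that strips the key before forwarding; the keyword list, the key 4837 and the login query are constructed for the illustration.

```python
import re

# Keyword list used by this toy: a subset of SQL reserved words (assumption).
SQL_KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "INSERT", "INTO",
    "VALUES", "UPDATE", "SET", "DELETE", "DROP", "TABLE", "ORDER", "BY",
}

# One token at a time: a string literal ('' escapes a quote), a word, or any
# other single character. Literals are matched first so that a keyword typed
# inside a quoted value is never treated as a keyword.
_TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_][A-Za-z0-9_]*|.", re.S)


class SQLrandError(Exception):
    """Raised by the proxy when a query contains a keyword without the key."""


def randomize_template(template, key):
    """Application side: rewrite every keyword in a hard-coded query template
    as KEYWORD<key> (keywords are normalised to upper case), leaving
    identifiers, operators and literals untouched. Done once at build time,
    before any user input is appended."""
    suffix = str(key)

    def rewrite(m):
        tok = m.group(0)
        return tok.upper() + suffix if tok.upper() in SQL_KEYWORDS else tok

    return _TOKEN.sub(rewrite, template)


def derandomize(query, key):
    """Proxy side: strip the key from randomized keywords and forward plain
    SQL. A bare keyword outside a string literal cannot have come from the
    application's templates, so it is treated as injected code and the query
    is rejected instead of being sent to the database."""
    suffix = str(key)
    out = []
    for m in _TOKEN.finditer(query):
        tok = m.group(0)
        if tok.startswith("'"):                 # literal: user data, keep as-is
            out.append(tok)
        elif tok.upper().endswith(suffix) and tok[:-len(suffix)].upper() in SQL_KEYWORDS:
            out.append(tok[:-len(suffix)])      # randomized keyword -> plain keyword
        elif tok.upper() in SQL_KEYWORDS:
            raise SQLrandError("unexpected keyword %r: injected SQL?" % tok)
        else:
            out.append(tok)
    return "".join(out)


def login_query(login, key):
    """The vulnerable concatenation from the paper's examples, but built from
    a randomized template; the user's input is appended unmodified."""
    template = randomize_template("SELECT accounts FROM users WHERE login='", key)
    return template + login + "'"


def proxy_forward(login, key):
    """Returns the SQL the proxy would forward, or the rejection message."""
    try:
        return derandomize(login_query(login, key), key)
    except SQLrandError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    KEY = 4837  # constructed secret; in SQLrand it stays on the proxy
    print(login_query("alice", KEY))
    print(proxy_forward("alice", KEY))
    print(proxy_forward("' OR 1=1 --", KEY))
    print(proxy_forward("' UNION SELECT cardno FROM creditcards --", KEY))
```

Only the proxy knows the key, and derandomize() accepts any word that carries the right suffix, so an attacker who learns it can write OR4837 and get through; that is the weakness the paragraph above points out. This toy lexer also has no notion of comments, so an input such as abc' -- is forwarded and the database itself discards the rest of the query; a real proxy needs the database's own lexer.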
Mehdi Kiani et al. (2008) described an anomaly-based approach that uses the character distribution of certain sections of HTTP requests to detect previously unseen SQL injection attacks. The approach requires no user interaction and no modification of, or access to, either the backend database or the source code of the web application itself. Their practical results suggest that the proposed model is superior to existing models at detecting SQL injection attacks.

R. Ezumalai and G. A. (2009) used a signature-based technique against SQL injection attacks. In this technique they use three modules to detect security problems: a monitoring module that takes input from the web application and sends it to the analysis module; an analysis module that finds the hotspots in the application using the Hirschberg algorithm, a string comparison algorithm that works by divide and conquer; and a specifications module that stores all the keywords.

Ankit Anchlia and Sheela Jain (2010) proposed a novel approach to test applications in a comprehensive manner. The approach is a holistic one: it tests the system under real conditions, without any artifacts, to avoid potential injection attacks.

STEP 1: HOW TO DETECT AN SQL INJECTION ATTACK?
Solution: see Figure 1, the SQL Injection Detection Model.

Vulnerabilities Framework / Model
An approach to design a model that can avoid SQL injection attacks.
A framework that analyzes SQL injection attacks on web applications and databases.

Automation Tools (To Detect Vulnerabilities)
A tool is used to detect SQL injection loopholes.
The model designed to secure the system, or to prevent SQL injection attacks on it, also contains all the parameters that come under the category of security policies.

Analysis of Existing Vulnerabilities
Examination of user-visible design flaws.
Mapping of existing vulnerabilities to design decisions.

Filter the Vulnerabilities Corresponding to SQL Injection Loopholes
Design a mechanism to filter all the vulnerabilities relating to SQL injection loopholes.

Categorize SQL Injection Loopholes
Specify the SQL query code as well as the type of SQL injection attack that is possible against it.

Figure 1: Steps of Attack Detection Framework (SQL Injection Detection Model). The flow chart itself is not reproduced; its boxes, from top to bottom, are: Vulnerabilities Framework/Model; To Detect Vulnerabilities (Automation Tools); To Detect Vulnerabilities (Authentication); Analysis of Existing Vulnerabilities; Filter the Vulnerabilities Corresponding to SQL Injection Loopholes; Categorized SQL Injection Loophole Model. One edge is labelled "Return".

STEP 2: HOW TO MITIGATE SQL INJECTION ATTACKS AT THE SOFTWARE AND HARDWARE DESIGN LEVEL?
Solution: see Figure 2, the SQL Injection Mitigation Framework.

Security Policy Vulnerabilities
This depends on two factors: a security assessment framework at design level, and security-policy-based architecture refinement.

Security Assessment Framework at Design Level
A framework to assess security at the software design level.

Security Policy Based Architecture Refinement
Flexibility to enhance and update the architecture.

Fig 2: SQL Injection Mitigation Framework (figure not reproduced).

Security Design Patterns
Model-checking security patterns analyze the structure of SQL query commands.
Build a program that can check the allowable patterns of SQL statements.
Create a proxy server that can filter SQL commands.
Prevent an SQL injection attack on a database using this proxy server.
Prove that SQL injection can be prevented using the filter developed to work on the proxy server.

Security Patterns at Design Level

Security Patterns at Architecture Level
Implementation of code that is hardware independent.

Syntax
Design a model that follows the rules and regulations defined by the security policies.

Semantic
Define a solution mechanism that tells us how to follow the security policies.

Hardware Design
There is no chance of loopholes during hardware implementation.

Software Design
No chance of loopholes during software design.

Types of attacks:

Tautology attacks:
In tautology-based attacks the main intention of the attacker is to create conditional statements that always evaluate to true. The attacker mostly targets the WHERE clause of the query. A tautology attack succeeds when the attacker is able to return all the records of the table, or at least one of the records from the database.
e.g. SELECT accounts FROM users WHERE login='' OR 1=1 -- ' AND pass='' AND pin=
In this example the code injected into the conditional (OR 1=1) turns the WHERE clause into a tautology. The returned set is therefore not empty, which makes the application consider the user authentication successful.

Logically incorrect query attacks:
These attacks are mainly used to learn the structure of the database and the type of the backend database. The error messages are useful to the attacker for learning the structure and type of the database used.
e.g. SELECT accounts FROM users WHERE login='' AND pass='' AND pin=convert(int, (select top 1 name from sysobjects where xtype='u'))
In this example the query first tries to extract the name of the first user table (xtype='u'). It then tries to convert the table name into an integer. The database raises an error because the conversion is not legal. On Microsoft SQL Server the error reads "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int". The attacker thus learns, first, that the database is Microsoft SQL Server and, second, the value of the string that caused the type conversion to fail, i.e. the table name CreditCards.

Union attack:
In a union query attack the attacker uses the UNION operator. Here the attacker has complete control of the second, injected query and can use it to retrieve information from any desired table in the database by guessing table names. The result of the union attack is returned as a dataset that combines the results of the original query with the results of the second (injected) query.
e.g. SELECT accounts FROM users WHERE login='' UNION SELECT cardno FROM creditcards WHERE AcctNO=100 -- ' AND pass='' AND pin=
In this example there is no login whose value is equal to '', so the first query returns the empty set, while the second query returns data from the CreditCards table: the database returns the cardno for account 100.

Piggybacked query:
In this attack the attacker tries to inject additional queries into the original query, hence the name "piggy-back". The technique relies on server configurations that allow several different queries in a single string of code. The attacker uses the delimiter ";", adds extra queries after it, and these queries are run on the database.
e.g. SELECT accounts FROM users WHERE login='abc' AND pass=''; drop table users -- ' AND pin=123
After completing the first query the database recognizes the delimiter ";", continues execution and tries to drop the table users; if the table exists, the data in that table is destroyed.

III. DETECTING SQL INJECTION

In order to protect a web application from SQL injection attacks there are two major considerations. First, there is a great need for a mechanism to detect and precisely identify SQL injection attacks. Second, knowledge of SQL injection vulnerabilities (SQLIVs) can help in securing a web application. So far, several frameworks have been used or suggested to detect SQLIVs in web applications. Here we mention the prominent solutions and their working methods in brief.

SAFELI [8] proposes a static analysis framework to detect SQL injection vulnerabilities. The SAFELI framework aims at identifying SQL injection attacks at compile time. This static analysis tool has two main advantages: first, it performs a white-box static analysis and, second, it uses a hybrid constraint solver. For the white-box static analysis, the proposed approach considers the bytecode and deals mainly with strings. For the hybrid constraint solver, the method implements an efficient string analysis tool that is able to deal with Boolean, integer and string variables.

Thomas et al.'s scheme: Thomas et al. [9] suggest an automated prepared statement generation algorithm to remove SQL injection vulnerabilities. They implemented their research work using four open source projects, namely (i) Net-trust, (ii) ITrust, (iii) WebGoat and (iv) Roller. Based on the experimental results, their prepared statement code was able to successfully replace 94% of the SQLIVs in the four open source projects.

Ruse et al.'s approach: Ruse et al. [10] propose a technique that uses automatic test case generation to detect SQL injection vulnerabilities. The main idea behind this framework is to create a specific model that deals with SQL queries automatically. In addition, the approach identifies the relation (dependency) between sub-queries. Based on the results, the methodology is shown to be able to specifically identify the causative set and to obtain 85% and 69% reductions, respectively, while experimenting on a few sample examples.
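An added, runnable Python illustration (not code from the paper or from WASP) that ties the attack types of the previous section to the two defences discussed here and in Section IV: the paper's login query is built by concatenation, positive tainting records which characters came from the application's own string constants, and a syntax-aware check rejects any query in which a token other than a literal contains untrusted characters; the prepared-statement version that Thomas et al. generate automatically is shown beside it. The schema, the rows, the SQLite database and the token grammar (a deliberately small subset of SQL) are assumptions constructed for the example.

```python
import re
import sqlite3

class TaintedSQL:
    """Query text with one trust bit per character (positive tainting): only
    the application's own string constants are marked trusted; user input and
    anything else left unmarked is untrusted."""
    def __init__(self, text="", trusted=False):
        self.text, self.trust = text, [trusted] * len(text)
    def __add__(self, other):
        if not isinstance(other, TaintedSQL):
            other = TaintedSQL(str(other))        # unmarked data: untrusted
        joined = TaintedSQL()
        joined.text, joined.trust = self.text + other.text, self.trust + other.trust
        return joined

def T(text):
    """Mark one of the application's string constants as trusted."""
    return TaintedSQL(text, True)

# Lexer for syntax-aware evaluation; a small SQL subset, by assumption. Literals
# come first so that a quote typed by the user is read as the database reads it.
_TOKEN = re.compile(r"""
      (?P<string>'(?:[^']|'')*')        # string literal, '' escapes a quote
    | (?P<number>\d+(?:\.\d+)?)         # numeric literal
    | (?P<comment>--[^\n]*)             # line comment
    | (?P<word>[A-Za-z_][A-Za-z0-9_]*)  # keyword or identifier
    | (?P<op><>|<=|>=|!=|[=<>(),;*.+\-/])
    | (?P<ws>\s+)
""", re.VERBOSE)

def tokenize(text):
    pos = 0
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:                          # e.g. an unterminated quote
            yield ("unknown", pos, pos + 1)
            pos += 1
        else:
            yield (m.lastgroup, m.start(), m.end())
            pos = m.end()

def syntax_violations(query):
    """Every token other than a string or numeric literal must consist only of
    trusted characters; returns the offending (kind, text) pairs, [] if none."""
    bad = []
    for kind, start, end in tokenize(query.text):
        if kind in ("string", "number", "ws"):
            continue
        if kind == "unknown" or not all(query.trust[start:end]):
            bad.append((kind, query.text[start:end]))
    return bad

def build_login_query(login, password, pin):
    """The paper's query, concatenated as a vulnerable application does it,
    with the application's constants marked trusted and the inputs not."""
    return (T("SELECT accounts FROM users WHERE login='") + login
            + T("' AND pass='") + password + T("' AND pin=") + pin)

def make_db():
    """Constructed sample data using the paper's table names."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (login TEXT, pass TEXT, pin INTEGER, accounts TEXT);
        CREATE TABLE creditcards (acctno INTEGER, cardno TEXT);
        INSERT INTO users VALUES ('alice', 's3cret', 1234, 'ACC-1');
        INSERT INTO users VALUES ('O''Brien', 'pw', 42, 'ACC-2');
        INSERT INTO creditcards VALUES (100, '4111111111111111');""")
    return conn

def lookup_unchecked(conn, login, password, pin):
    """Vulnerable path: the concatenated text goes straight to the database."""
    return [r[0] for r in conn.execute(build_login_query(login, password, pin).text)]

def lookup_checked(conn, login, password, pin):
    """Runtime guard: refuse the query if input changed its structure."""
    q = build_login_query(login, password, pin)
    bad = syntax_violations(q)
    if bad:
        raise ValueError("SQL injection blocked: %r" % bad)
    return [r[0] for r in conn.execute(q.text)]

def lookup_prepared(conn, login, password, pin):
    """Prepared statement, the replacement Thomas et al. automate: inputs are
    bound as values and can never become SQL syntax."""
    sql = "SELECT accounts FROM users WHERE login=? AND pass=? AND pin=?"
    return [r[0] for r in conn.execute(sql, (login, password, pin))]

if __name__ == "__main__":
    db = make_db()
    union = "' UNION SELECT cardno FROM creditcards WHERE acctno=100 --"
    print(lookup_unchecked(db, "' OR 1=1 --", "", 0))   # tautology: both accounts
    print(lookup_unchecked(db, union, "", 0))           # union: the card number
    print(syntax_violations(build_login_query(union, "", 0)))
    print(lookup_checked(db, "O''Brien", "pw", 42))     # escaped quote: allowed
    print(lookup_prepared(db, "O'Brien", "pw", 42))     # bound value: no escaping
```

lookup_unchecked() leaks every account for the tautology payload and the card number for the union payload. syntax_violations() flags the OR, the = and the comment that the tautology payload introduced, while the escaped quote in O''Brien passes because it never leaves the string literal; the prepared statement needs no such check and no escaping. sqlite3's execute() refuses a second statement in the same string, so the piggy-backed DROP TABLE of the previous section cannot be reproduced with this driver; that is exactly the dependence on server configuration the text mentions.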
Haixia and Zhihong's scheme: Haixia and Zhihong propose a secure database testing design for web applications. They suggest a few things: first, detection of the potential input points of SQL injection; second, automatic generation of test cases; and finally, finding the database vulnerability by running the test cases to perform a simulated attack on the application. The proposed methodology is shown to be efficient.

Roichman and Gudes's scheme suggests employing fine-grained access control for web databases. The authors develop a new methodology based on a fine-grained access control mechanism. Access to the database is supervised and monitored by the database's built-in access control. This is a solution to the vulnerability of SQL session traceability. Moreover, it is a framework applicable to most database applications.

Shin et al.'s approach suggests SQLUnitGen, a static-analysis-based tool that automates testing for identifying input manipulation vulnerabilities. The authors compare the SQLUnitGen tool with FindBugs, a static analysis tool. The proposed mechanism is shown to be efficient in that false positives were completely absent in the experiments.

SQL-IDS approach: Kemalis and Tzouramanis [7] suggest employing a novel specification-based methodology for the detection of exploitations of SQL injection vulnerabilities. The proposed query-specific detection allowed the system to perform targeted analysis at negligible computational overhead, without producing false positives or false negatives.

IV. TECHNIQUES

Real Time Based Positive Tainting
As studied in [1], positive tainting is based on identifying trusted data rather than untrusted data. Traditional (negative) tainting identifies untrusted data, and this is where positive and negative tainting differ. The conceptual difference has significant implications for the effectiveness of our approach, in that it helps address problems caused by incompleteness in the identification of the data to be marked: with negative tainting, an input source that is missed is treated as trusted, so incompleteness leaves the web application vulnerable to SQL injection attacks and detection of attacks is very difficult; with positive tainting, data that is missed is simply untrusted. Hence we use positive tainting in our approach. Identifying trusted data in a web application is often straightforward and always less error prone. Here positive tainting directly senses the real-time traffic from the set of input web applications.

Accurate as well as Efficient Taint Propagation
Taint propagation is carried out at runtime. It consists of tracking the taint markings associated with data while the data is used and manipulated at runtime. Taint propagation needs to be carried out accurately, otherwise data could be misused. Our approach consists of:
1) identifying taint markings at the correct level of granularity;
2) precisely accounting for the effect of functions that operate on the tainted data.
The data consists of characters, so to achieve accuracy tainting is carried out at character level in our approach: strings are constantly broken into substrings while SQL queries are being built.

Syntax Aware Evaluation
Positive tainting helps to create taint markings during execution, but to achieve more security we must be able to use the taint markings to distinguish legitimate from malicious queries. The key feature of syntax-aware evaluation is that it considers the context in which trusted and untrusted data is used, to make sure that all parts of the query other than string or numeric literals consist only of trusted data.

V. DRAWBACKS

Drawbacks of defensive coding:
It is difficult to implement.
It addresses only a subset of the possible attacks.
The cost and complexity of retrofitting existing code.

Drawbacks of static analysis:
It generates high rates of false positives.
It cannot find vulnerabilities introduced at run time.
It is time consuming if conducted manually.

Drawbacks of traditional tainting:
Incompleteness: incompleteness leads to false negatives and may thus leave the application vulnerable to attacks.

VI. CONCLUSION

SQL injection attacks are a common technique for attacking web-based applications. Attackers use SQL queries to attack, and these attacks reshape the SQL queries and thus alter the behaviour of the program to the advantage of the attacker. To address this problem we have proposed an SQL Injection Detection Model and an SQL Injection Mitigation Framework to mitigate SQL injection attacks (SQLIAs). When this solution is used during software development and after development, we can say that our web applications are secured from SQL injection attacks.

REFERENCES

[1] William G.J. Halfond, Alessandro Orso, and Panagiotis Manolios (2008): WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation. IEEE Transactions on Software Engineering, Vol. 34, No. 1.
[2] Zhendong Su and Gary Wassermann (2006): The Essence of Command Injection Attacks in Web Applications. In ACM Symposium on Principles of Programming Languages (POPL).
[3] "Top Ten Most Critical Web Application Vulnerabilities", OWASP Foundation, http://www.owasp.org/documentation/topten.html, 2005.
[4] S.V. Shanmughaneethi, S.C. E. Shyni, and S. Swamynathan (2009): SBSQLID: Securing Web Applications with Service Based SQL Injection Detection. IEEE Conference, Computer Society, pp. 702-704.
[5] H. Shahriar and M. Zulkernine (2008): MUSIC: Mutation-based SQL Injection Vulnerability Checking. The Eighth International Conference on Quality Software, IEEE Computer Society.
[6] http://www.owasp.org/index.php/Top_10_2010-A1-Injection, retrieved on 13/01/2010.
[7] K. Kemalis and T. Tzouramanis (2008): SQL-IDS: A Specification-based Approach for SQL Injection Detection. SAC'08, Fortaleza, Ceará, Brazil, ACM, pp. 2153-2158.
[8] X. Fu, X. Lu, B. Peltsverger, S. Chen, K. Qian, and L. Tao (2007): A Static Analysis Framework for Detecting SQL Injection Vulnerabilities. COMPSAC 2007, pp. 87-96, 24-27 July 2007.
[9] S. Thomas, L. Williams, and T. Xie (2009): On automated prepared statement generation to remove SQL injection vulnerabilities. Information and Software Techn‌ology 51, 589-598.
[10] M. Ruse, T. Sarkar and S. Basu (2010): Analysis & Detection of SQL Injection Vulnerabilities via Automatic Test Case Generation of Programs. 10th Annual International Symposium on Applications and the Internet, pp. 31-37.