SQLIA Review Paper

8/17/2019 SQLIA Review Paper

A Review on SQL Injection Prevention Technique

Navjot Verma, M. Tech CSE, Department of Computer Science, PUCITM, Mohali (Punjab), [email protected]

Amardeep Kaur, Assistant Professor, Department of Computer Science, PUCITM, Mohali (Punjab), amardeep_tiet@yahoo.com

Abstract- SQL injection is the most prevalent attack in today's era of web applications; it targets the database to gain unauthorized and illicit access. The web application works as an intermediary between the user and the database. Most of the time the SQL injection is fired by well-known people who previously worked in the organisation on the present database. Today an organisation's major concern is to stop SQL injection, because it is the most serious attack on the database. SQLI attacks target databases that are reachable through a web front end. An SQLI prevention technique should efficiently block all of the attacks without generating any false positives.

Keywords: SQL Injection, SQL injection Prevention.

Introduction

A SQL injection attack allows attackers to gain control of the original query, obtain illegal access to the database, and extract or transform the database [1]. The main cause of SQL injection vulnerabilities is that attackers use the application's input fields to supply strings that contain special database commands. An SQLIA occurs when an attacker changes the SQL control flow by inserting new keywords [2]. A successful SQLI attack harms the privacy, integrity and availability of the information in the database. In most cases SQL injection is also used to initiate a denial of service attack on web applications. The severity of the attack depends on the role or account under which the SQL statement is executed.

An attacker needs to know the loopholes in the application before launching an attack. Attackers use the input format, timing, performance and error messages to decide which type of attack suits an application. The database is the heart of many web applications, which is why databases are coming under a growing number of attacks. SQLIAs occur when data provided by the user is incorporated directly into the query and is not appropriately validated.

Phases used in web application security: There are two types of phase:

Database layer: The database layer provides an object view of database information by applying schema semantics to database records, thereby isolating the upper layers of the directory service from the underlying database system. The database layer is an inner boundary that is not exposed to users. No database access calls are made directly to the Extensible Storage Engine; instead, all database access is routed through the database layer.

Application layer: refers to techniques for shielding Web applications at the application layer (the last layer of the seven-layer OSI model) from malicious attacks that may expose private information. Protection is applied at the application layer especially to protect against illegal access and attacks.

There are advantages of Web Security:

1. Internet sites are well-liked targets for crackers, and even without malicious forces security holes can permit accidents to happen.

2. A good network is a secure network.


sensitive information, or at least information you don't want in the public domain before you are prepared.

Types of SQL Injection:

Some of the attacks are:

a) First order attack

Attackers aim at the database with strings attached to an input field and receive the answer immediately. Such attacks, which exploit the lack of validation of the input field parameter, are known as first order attacks.

b) Second order attack

An attacker attacks the database by inserting malicious queries into a table; these queries are then executed by other actions later.

c) Tautology attack

Conditional operators are used by the attackers in the SQL queries such that the query always evaluates to TRUE [1, 2, 3, 10].

SELECT * FROM student WHERE name = '' OR '1'='1';

d) Logically incorrect queries

An illegal query is used by the attacker to get a look at the whole database [1, 2, 3, 10].

SELECT * FROM student WHERE id = name;

e) Piggy-backed query

In this attack the attacker tries to add on supplementary queries, terminating the first query by inserting ";" [1, 2, 4].

SELECT * FROM student WHERE roll_no=1;DROP TABLE student;

f) Timing attack

In this type of attack the IF ELSE statement is used for injecting queries [1, 2]. Examples: WAITFOR, IF, ELSE, BENCHMARK etc.

SELECT * FROM student WHERE roll_no=1-SLEEP(15);

g) Alternate encoding

The attacker modifies the injection query by using an alternate encoding such as hexadecimal, ASCII or Unicode [1, 2].

SELECT * FROM student WHERE roll_no=unhex('05');
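The tautology and piggy-backed cases above, run against a small in-memory SQLite database, as an added example that is not part of the original paper: a lookup that concatenates user input into the query text is placed beside the same lookup with a bound parameter. The student table, its rows and the function names are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny 'student' table like the one in the paper's examples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE student (roll_no INTEGER, name TEXT)")
    db.executemany("INSERT INTO student VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def table_exists(db):
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name='student'").fetchone()
    return row is not None


def by_name_vulnerable(db, name):
    """First-order SQLIA: user input is pasted straight into the query text."""
    query = "SELECT * FROM student WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def by_name_safe(db, name):
    """Same lookup with a bound parameter: the input is only ever a literal value."""
    return db.execute("SELECT * FROM student WHERE name = ?", (name,)).fetchall()


def by_roll_vulnerable(db, roll_no):
    """Piggy-backed query. sqlite3's execute() refuses stacked statements, so executescript()
    stands in for a driver that runs every statement in the string; a ';' in the input lets a
    second statement ride along. Returns whether the table survived."""
    db.executescript("SELECT * FROM student WHERE roll_no=" + roll_no)
    return table_exists(db)


def by_roll_safe(db, roll_no):
    """With a parameter the whole input is compared as one value; nothing else runs."""
    db.execute("SELECT * FROM student WHERE roll_no = ?", (roll_no,)).fetchall()
    return table_exists(db)


if __name__ == "__main__":
    db = make_db()
    print(by_name_vulnerable(db, "' OR '1'='1"))   # tautology: every row comes back
    print(by_name_safe(db, "' OR '1'='1"))         # same input as a parameter: no rows
    print(by_roll_vulnerable(make_db(), "1;DROP TABLE student;"))  # False: table is gone
    print(by_roll_safe(make_db(), "1;DROP TABLE student;"))        # True: table survives
```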

Literature Survey

A. S. Gadgikar et al.: SQL injection attack has become a major threat to web applications, as it gives unauthorized access [1]. This paper used a negative tainting approach with a linked list structure. The approach is implemented between the application program and the database server. All the symptoms of SQL injection attack are stored in a database. The future goal is to improve the efficiency by reducing false positives. Multithreading can be used to reduce the time requirements. In this paper a SQL database is used for testing.

W. G. J. Halfond et al.: An SQLIA occurs when an attacker changes the developer's SQL command by inserting new SQL keywords or operators [2]. Their approach works by identifying trusted strings and allowing only those trusted strings to be used to create the sensitive parts of the SQL query strings. The WASP (web application SQL injection prevented) tool implements this technique. It stops all the attacks without generating false positives. As future work, the proposed approach can be applied to binary programs, and the efficiency of the technique can be improved further to reduce the amount of information required.

S. Roy et al.: SQL injection is the attack to which web applications are most vulnerable. In this paper a CS scanner is used that is lightweight, fast and has a low false positive rate [


S. Bangre et al.: SQL injection targets databases that are accessible through a web front end and takes advantage of flaws in the input validation logic of web components such as CGI scripts [ ]. In this paper an input filter technique is used which checks the attribute value provided by the user through input fields for single quotes, double dashes and spaces. The paper proposes a simple and effective method using a SQL query parameter counter to prevent SQLIA. It utilizes both static and dynamic analysis to detect SQL injection attacks. Future work is also needed on this paper, because the research work should not be limited to SQL attacks on web applications but should also cover other web application attacks such as XSS.

Existing Techniques:

Some of the existing techniques to prevent SQLIA are:

Positive Tainting: Positive tainting focuses on the recognition and marking of trusted strings. It uses the concept of syntax-sensitive evaluation. The system works in the following manner: (1) identify the trusted data sources; (2) allow only data from such sources to form a SQL keyword or operator in query strings. Trusted data strings can be more readily known. The WASP (Web Application SQL injection Preventer) tool has implemented this approach. The approach is defined at the application level, requires no alteration of the runtime (JVM) system, and imposes low execution overhead. Positive tainting is used to check for SQLIA at runtime. The WASP tool works successfully: it blocked over 12000 attacks without generating false positives.
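A toy version of the positive-tainting check just described, added here as an illustration and not WASP's own code: query pieces supplied by the program are marked trusted, user input is not, and the assembled query is tokenised so that every keyword, identifier or operator must lie entirely inside trusted text. The regex tokenizer and the helper names are assumed simplifications (WASP parses the query with a real SQL grammar).

```python
import re

# Assumed simplified tokenizer: string literals, numbers, words, '--' and single-character
# operators/punctuation. A real implementation would use an SQL parser.
TOKEN_RE = re.compile(r"'[^']*'|\d+|\w+|--|[=<>()*,;!'+-]")


def assemble(pieces):
    """pieces: list of (text, trusted). Returns the query and a per-character trust mark."""
    query, trust = "", []
    for text, trusted in pieces:
        query += text
        trust.extend([trusted] * len(text))
    return query, trust


def syntax_aware_check(pieces):
    """Positive tainting: only string and numeric literals may contain untrusted characters.
    Any keyword, identifier or operator built even partly from user input fails the check."""
    query, trust = assemble(pieces)
    for m in TOKEN_RE.finditer(query):
        tok = m.group()
        if tok.startswith("'") or tok.isdigit():
            continue                      # literal value: this is where user data belongs
        if not all(trust[m.start():m.end()]):
            return False                  # SQL syntax came from an untrusted source
    return True


def student_by_name(user_input):
    """Program-supplied SQL text is trusted; the user's value is not."""
    return syntax_aware_check([
        ("SELECT * FROM student WHERE name = '", True),
        (user_input, False),
        ("'", True),
    ])


def student_by_roll(user_input):
    return syntax_aware_check([
        ("SELECT * FROM student WHERE roll_no = ", True),
        (user_input, False),
    ])


if __name__ == "__main__":
    print(student_by_name("bob"))                     # True
    print(student_by_name("' OR '1'='1"))             # False: OR is untrusted
    print(student_by_roll("1"))                       # True
    print(student_by_roll("1;DROP TABLE student;"))   # False: ';' and DROP are untrusted
    print(student_by_roll("1-SLEEP(15)"))             # False: operator and call from user
    print(student_by_roll("unhex('05')"))             # False: identifier from user input
```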

Negative Tainting: Preventing SQL injection attacks using negative tainting provides uniqueness by using a linked list. This approach works on the untrusted strings and provides good response time for large database programs. The approach consists of (1) identifying the hot spots in the application and (2) finding SQL injection attacks using negative tainting. (


SQL-IDS:

Kemalis and Tzouramanis have suggested a novel specification-based methodology for the detection of exploitations of SQL injection vulnerabilities in "Specification based approach on SQL Injection detection" [


Schemes            Tautology  Logically Incorrect Queries  Union Query  Stored Procedure  Piggy Backed Queries  Inference Attack  Alternating Encoding Attack
AMNESIA            YES        YES                          YES          NO                YES                   YES               YES
SQLrand            YES        NO                           NO           NO                YES                   YES               NO
CANDID             YES        NO                           NO           NO                NO                    NO                NO
SQLGuard           YES        NO                           NO           NO                NO                    NO                NO
SQLIPA             YES        YES                          YES          NO                YES                   YES               YES
Negative Tainting  YES        YES                          YES          NO                YES                   YES               YES

Conclusion

References

[1] A. S. Gadgikar, "Preventing SQL injection attacks using negative tainting approach," in IEEE International Conference on Computational Intelligence and Computing Research, 201


Computing Conference, IACC 2013, 2013, pp. 1317-1323.

[10] P. Kumar and R. K. Pateriya, "A Survey on SQL Injection Attacks, Detection and Prevention Techniques," no. July, 2012.

[11] X. Lu, B. Peltsverger, S. Chen, G. Southwestern, K. Qian, and S. Polytechnic, "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities," no. Compsac, 2007.

[12] S. Thomas, L. Williams, and N. Carolina, "Using Automated Fix Generation to Secure SQL Statements [Short presentation paper]," 2007.

[13] K.. Hwang, H.