A Detection and Prevention Technique on SQL Injection Attacks

Abstract

With the web advancements are rapidly developing, the greater part of individuals makes their transactions on web, for example, searching through data, banking, shopping, managing, overseeing and controlling dam and business exchanges, etc. Web applications have gotten fit to numerous individuals' day by day lives activities. Dangers pertinent to web applications have expanded to huge development. Presently a day, the more the quantity of vulnerabilities will be diminished, the more the quantity of threats become to increment. Structured Query Language Injection Attack (SQLIA) is one of the incredible dangers of web applications threats. Lack of input validation vulnerabilities where cause to SQL injection attack on web. SQLIA is a malicious activity that takes negated SQL statement to misuse data-driven applications. This vulnerability admits an attacker to comply crafted input to disclosure with the application’s interaction with back-end databases. Therefore, the attacker can gain access to the database by inserting, modifying or deleting critical information without legitimate approval. The paper presents an approach which detects a query token with reserved words-based lexicon to detect SQLIA. The approach consists of two highlights: the first one creates lexicon and the second step tokenizes the input query statement and each string token was detected to predefined words lexicon to prevent SQLIA. In this paper, detection and prevention technologies of SQL injection attacks are experimented and the result are satisfactory.