Detection Block Model for SQL Injection Attacks
|Diksha Gautam Kumar, Madhumita Chatterjee
|Related article at Pubmed, Scholar Google|
With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable asset in any organization. SQL injection is an attack technique used to exploit code by altering back-end SQL statements through manipulating input. An attacker can directly compromise the database, that’s why this is a most threatening attack.SQL injection attack occupies first position in top ten vulnerabilities as specified by Open Web Application Security Project. It is probably the most common Website vulnerability today! Current scenarios which provide solutions to SQL injection attack either have limited scope i.e. can’t be implemented in all platforms or do not cover all types of SQL injection attacks. In this work we implement Detection Block model against SQL injection attacks. The model works both on client and server side. Client side implements a filter function and server side is based on information theory. MAC of static and dynamic query which is derived from entropy is compared to detect an attack.