
SQL Injection: A Hazard to Databases Security via Web Application

Jagjit Kaur, Miss Amrita, Miss Mankiran

Abstract


Databases are the first target of hackers. Weak authentication is one of the biggest reasons we lose our confidential data. We usually share sensitive information such as debit/credit card numbers and SSNs without considering that, when our systems interact over the internet through the WWW environment, a huge amount of data is created that may contain users' personal information. If this data is fetched by an unauthorized party, it may cause a breach of the user's privacy. Hence, the big question is how we can ensure database security against cyber-attacks. In recent times, SQL injection attacks have emerged as a major threat to database security. SQL injection attacks have been around for over a decade. They allow attackers to obtain unauthorized access to the back-end database by altering the intended application-generated SQL queries. Such attacks target databases through the web front-end layer, taking advantage of flaws at the user's end. For the purpose of security, we have surveyed various SQL injection techniques that threaten database security. We discuss various technical methods and terminologies used to handle these attacks.

Cite this Article
Jagjit Kaur, Amrita, Mankiran. SQL Injection: A Hazard to Databases Security via Web Application. Journal of Advanced Database Management & Systems. 2016; 3(1): 30–36p.


Keywords


SQL, WWW, DB



