Publication: Identification and Mitigation Tool for Sql Injection Attacks(SQLIA)
Type:
Article
Date
2020-11-26
Journal Title
Journal ISSN
Volume Title
Publisher
IEEE
Abstract
Structured Query Language Injection Attack (SQLIA) is a very frequent web security vulnerability. The attacker adds a malicious Structured Query Language (SQL) code to the input field of a web form, so that he can gain access to data or make unauthorized changes to data. A successful malicious SQL injection cause serious consequence to the victimized organization such as financial loss, reputation loss, compliance, and regulatory breaches. There have been several research works on detection and prevention of SQL injection attacks. However, still there is an absence of an advanced single tools for both identification and mitigation of SQL injection attacks. We have proposed an approach to identify and mitigate SQL injection attacks using a single tool and it allows software testers to identify the SQL injection vulnerabilities of their web applications during the testing stages. The proposed approach is based on parameterized queries and user input validation. Our results show that the tool provides 100% accurate and efficient results on identification and mitigation of SQL vulnerabilities.
Description
Keywords
Identification, Mitigation Tool, Sql Injection, Attacks (SQLIA), Attacks (SQLIA)
Citation
W. H. Rankothge, M. Randeniya and V. Samaranayaka, "Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)," 2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS), 2020, pp. 591-595, doi: 10.1109/ICIIS51140.2020.9342703.