The impact of SQL injection attacks on the security of databases

Thiyab, Rua Mohamed and Ali, Musab A. M. and Abdulqader, Farooq Basil (2017) The impact of SQL injection attacks on the security of databases. In: 6th International Conference on Computing & Informatics (ICOCI2017), 25 - 27 April 2017, Kuala Lumpur.

PDF: ICOCI 2017 323-331.pdf (278kB), restricted to registered users only

Abstract

SQL injection attacks (SQLIA) can be detected in many web applications that lack input variable filtering. The problem addressed by this study is the weak input filtering and validation of forms in dynamic web applications, and the use of a single detection and prevention technique against SQL injection attacks. The aim of this study is to investigate the effect of poor input validation of SQL queries, in order to discriminate the parameters used for injecting malicious SQL, on the security of the server database; to improve the level of filtering that separates real user input from malicious input in dynamic e-commerce web applications; and to propose a technique called Combined Detect, based on two methods using JavaScript and PHP coding, to detect a malicious SQL query and isolate it before it is sent to the server. The results of this study show that many web developers neglect the high risks that SQL injection attacks pose to the security and confidentiality of data stored in databases. Malicious SQL parameters passed to the database on the server could damage the whole database or steal data. The method used in this study, based on JavaScript and PHP code, enables the dynamic web application to separate normal data from malicious data, regardless of what user input is entered through input fields. The study recommends avoiding any weakness in the SQL server by providing effective input validation to discriminate the malicious parameters used in SQL injection attack queries, and using multiple detection methods for SQL injection.

Item Type: Conference or Workshop Item (Paper)
Additional Information: eISSN 2289-7402 e-ISBN 978-967-0910-33-8 Organized by: School of Computing, Universiti Utara Malaysia Sintok.
Uncontrolled Keywords: SQL Injection Attack (SQLIA), SQL Queries, Vulnerability, Dynamic Applications, Input Validation.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Computing
Depositing User: Mrs. Norazmilah Yaakub
Date Deposited: 27 Jul 2017 01:59
Last Modified: 27 Jul 2017 01:59
URI: https://repo.uum.edu.my/id/eprint/22855
