Prevention of SQL Injection Attacks using Query Hashing Technique

Yash Swarup, Anuj Kumar, A. Tyagi, Vimal Kumar
2021 2nd International Conference on Range Technology (ICORT), published 2021-08-05
DOI: 10.1109/ICORT52730.2021.9581804 (https://doi.org/10.1109/ICORT52730.2021.9581804)
Citations: 0

Abstract

Web applications are a vital part of day-to-day life. Many critical services such as shopping, health, banking, data communication and transport are partly or completely dependent on the Internet. At the same time, various kinds of attackers introduce different kinds of attacks on the network. One of the important security attacks is SQL injection, a web application vulnerability through which an attacker can gain unauthorized access to the database of a website. With the help of SQL injection, an attacker can take control of any website if the attacker is able to obtain the credentials of the website's administrator. In some cases, an attacker may access, delete or modify the data in the database, which may cause permanent changes in the application's content or behavior. In this paper, we propose a new technique to prevent SQL injection attacks by comparing the hash value of the generated query with the hash value of the legitimate query. Our scheme can easily be added to any prebuilt website built using any language or database type, as it requires only a few changes to the code.
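One way the hash comparison described in the abstract could work, as an added example that is not code from the paper. It assumes that literals are masked before hashing so that only the query's structure is compared; the SHA-256 choice, the `users` login query and all function names are hypothetical.

```python
import hashlib
import re

# Assumption (not from the paper): literals are masked before hashing, so the
# hash covers the query's structure and not the user-supplied values.
TOKEN = re.compile(r"""
    (?P<lit>'(?:[^']|'')*'|\d+(?:\.\d+)?)   # complete string or numeric literal
  | (?P<cmt>--[^\n]*|/\*.*?\*/)             # SQL comment
  | (?P<ws>\s+)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<other>.)                            # operators, punctuation, stray quotes
""", re.X | re.S)

def skeleton(query: str) -> str:
    """Reduce a query to its structure: keywords, identifiers and operators."""
    out = []
    for m in TOKEN.finditer(query):
        kind = m.lastgroup
        if kind == "ws":
            continue                        # layout does not change structure
        if kind == "lit":
            out.append("?")                 # any literal value becomes a placeholder
        elif kind == "cmt":
            out.append("<comment>")         # a comment is a structural change
        elif kind == "word":
            out.append(m.group().upper())   # keywords/identifiers, case-folded
        else:
            out.append(m.group())
    return " ".join(out)

def query_hash(query: str) -> str:
    return hashlib.sha256(skeleton(query).encode()).hexdigest()

# Hypothetical login query built by string concatenation (constructed sample).
TEMPLATE = "SELECT id FROM users WHERE name = '{name}' AND pw = '{pw}'"
# Hash of the legitimate query, computed once with harmless sample values.
LEGIT_HASH = query_hash(TEMPLATE.format(name="x", pw="x"))

def build_checked(name: str, pw: str) -> str:
    """Build the query and refuse it if its structure hash has changed."""
    query = TEMPLATE.format(name=name, pw=pw)
    if query_hash(query) != LEGIT_HASH:
        raise ValueError("query structure differs from the legitimate query")
    return query
```

A check of this kind is only as reliable as the agreement between its tokeniser and the database's own lexer, so it complements parameterised queries and does not replace them.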