Analysis and classification of SQL injection vulnerabilities and attacks on web applications

Chandershekhar Sharma, S. C. Jain
DOI: 10.1109/ICAETR.2014.7012815 (https://doi.org/10.1109/ICAETR.2014.7012815)
Published in: 2014 International Conference on Advances in Engineering & Technology Research (ICAETR - 2014)
Publication date: 2014-08-01
Citations: 33

Abstract

Web applications interact with the back-end database to retrieve data as and when requested by the user. Web applications (such as e-commerce, banking, shopping, trading and blogs) are the backbone of today's online business industry. For activities like paying bills and merchandising, information must be kept safe with these web applications, but unfortunately there is no guarantee of the integrity and confidentiality of information. The global exposure of these applications makes them prone to attack because of the presence of vulnerabilities. These security vulnerabilities continue to infect web applications through injection attacks. SQL injection attacks (SQLIAs) are one of the topmost threats in database-centric web applications, and SQL injection vulnerabilities (SQLIVs) are the most serious vulnerability types. SQLIA allows the attacker to gain control over the database of an application, resulting in financial fraud, leaks of confidential data, network hacking, database deletion, theft and more. In this paper we discuss the classification of SQL injection attacks and analyze them on the basis of the risk associated with each attack.