Abstract

Vulnerabilities in web applications allow malicious users to obtain unrestricted access to private and confidential information. SQL injection vulnerabilities are particularly relevant, as web services frequently access a relational database using SQL commands. SQL injection ranks at the top of the web application attack mechanisms used by hackers to steal data from organizations. Hackers can take advantage of flawed design, improper coding practices, improper validation of user input, configuration errors, or other weaknesses in the infrastructure. The literature reports that researchers have proposed different techniques to provide a solution for SQLIAs (SQL Injection Attacks), but many of these solutions have limitations that affect their effectiveness and practicability. The OWASP 2010 report places injection attacks, including SQLIAs, as the most likely and damaging. SQLIAs are caused by attackers inserting a malicious SQL query into the web application to manipulate data, or even to gain access to the back-end database. The main reason SQLIAs succeed is bad web application design and implementation. In this paper we discuss the different mechanisms available for detecting SQL injection and conclude which mechanism is better.
