Analysis of SQL Injection Detection and Prevention

Abstract

Objectives: SQL Injection Attack (SQLIA) is a frequent and a severe security issue in the web applications. In SQLIA, hacker can obtain the benefit of poor input validation and weak coded web application. Due to the successful execution of a SQLIA, integrity and confidentiality of data are lost which results in the degrading organization’s market value. This paper gives a valuable analysis of various types of SQLIAs, methods and mechanisms. It also explores various detection and prevention techniques. Methods/Analysis: A rigorous survey has been conducted and consequently, comparative analysis of various detection and prevention techniques is done with respect to various types of attacks. In current research various pattern matching algorithms for the detection and prevention of SQLIA are analyzed and few are tested. Findings: Comparative analysis of Boyer Moore pattern matching algorithm is done with Naive String pattern matching algorithm. The time and memory consumption taken by both the algorithms has been analyzed. The results show that Boyer Moore is more efficient to detect and prevent the SQLIAs as compared to Naive string. Novelty/Improvement: In future it aims to propose an algorithm which will enhance in terms of efficiency and resource usage. The approach needs to be implemented for every pattern matching algorithm to find the best solution regarding detection and prevention of SQLIA.