Abstract
SQL Injection Attack has been a major security threat to web applications since last 15 years. Nowadays, hackers use automated tools to discover vulnerable websites and launch mass injection attacks. Accurate run-time detection of SQL injection has been a challenge in spite of extensive research in this area. This paper presents a novel approach for real-time detection of SQL injection attacks using query transformation and document similarity measure. Acting as a database firewall, the proposed system named SQLiDDS, can protect multiple web applications using the database server. With additional inputs from human expert, SQLiDDS can also become more robust over time. Our experimental results confirm that this approach can effectively detect and prevent all types of SQL injection attacks with good accuracy yet negligible impact on system performance. The approach was tested on web applications built using PHP and MySQL, however it can be easily adopted in other platforms with minimal changes.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
