Web application database protection from SQLIA using permutation encoding

Abstract

Web application is the base of online businesses through the Internet. The emergence of COVID 19 forced almost every job to operate online so as to bridge the distance amongst individuals. The rapid increment in the needs of web application increases security threats on information and data. According to the Open Web Application Security Project, Structured Query Language Injection Attack (SQLIA) is a top security threat for web application. SQLIA inserts malicious code to gain access or to manipulate database information by cheating the server to bypass the code to the database, thereby causing a severe impact on web application. In this paper, permutation encoding method has been proposed to prevent SQLIA, which is based on encoding all database information using the proposed method. Initially, a special character is inserted to restrict the method from reversing. Subsequently, permutation encoding method is applied. Permutation refers to the method wherein the bit location is changed within three characters and then radix encoding is applied. Permutation is based on the primitive root value. Encoding has been used to hide permutation. The proposed method is implemented and tested using PHP and MySQL databases, where the proposal result has been compared with those of other proposal methods. The results with security analysis prove that the proposal method prevents SQLIA and protects database information.