Research Cell: An International Journal of Engineering Sciences

Open Access Open Access  Restricted Access Subscription Access

Detecting SQL Injection Attacks Using Syntax Analysis of Dynamically Generated Queries


Affiliations
1 Dept. of Com Sc & IT, University of Jammu, India
 

Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker using specially crafted inputs, causes a web application to generate and send a query that functions differently than the programmer intended. Thus a diagnostic feature of SQL injection attacks is that they change the intended syntactic structure of queries issued. This paper presents a query intent evaluation technique to detect possible SQL Injection attacks by tracing the queries in which the input substrings modify the syntactic structure of the rest of the query. This approach has been implemented in a tool which takes an SQL query as input and detects if it is a command injection attack.
User
Notifications
Font Size

Abstract Views: 139

PDF Views: 0




  • Detecting SQL Injection Attacks Using Syntax Analysis of Dynamically Generated Queries

Abstract Views: 139  |  PDF Views: 0

Authors

Supriya Gupta
Dept. of Com Sc & IT, University of Jammu, India
Lalitsen Sharma
Dept. of Com Sc & IT, University of Jammu, India

Abstract


Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker using specially crafted inputs, causes a web application to generate and send a query that functions differently than the programmer intended. Thus a diagnostic feature of SQL injection attacks is that they change the intended syntactic structure of queries issued. This paper presents a query intent evaluation technique to detect possible SQL Injection attacks by tracing the queries in which the input substrings modify the syntactic structure of the rest of the query. This approach has been implemented in a tool which takes an SQL query as input and detects if it is a command injection attack.