Research Cell: An International Journal of Engineering Sciences

Supriya Gupta ¹, Lalitsen Sharma ¹

Affiliations
1 Dept. of Com Sc & IT, University of Jammu, IN

Abstract

Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker using specially crafted inputs, causes a web application to generate and send a query that functions differently than the programmer intended. Thus a diagnostic feature of SQL injection attacks is that they change the intended syntactic structure of queries issued. This paper presents a query intent evaluation technique to detect possible SQL Injection attacks by tracing the queries in which the input substrings modify the syntactic structure of the rest of the query. This approach has been implemented in a tool which takes an SQL query as input and detects if it is a command injection attack.

Full Text