Query Parsing at the Application Layer to Prevent SQL Injection

Presented by
Saurabh Jain
---------------------------------------------------------------------------------------------------------------------

Abstract
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. The attacker can insert the code for this attack through the application, so the idea for avoiding SQL injection is to analyze the query at the application layer so that the injected code never gets executed. Our analysis shows that a small piece of code injected through the application can let a user bypass the login system. We therefore analyze the query at the application layer, and if any malicious SQL statements are present, the application stops that code from being executed by the SQL server. The objective of the project is to design a secure layer at the application level in which the whole SQL query is parsed and analyzed by the application to see whether it contains any SQL injection code; if it does, the query is not executed by the SQL server. The query needs to be filtered at the application layer before it is sent to the database server. The scope is to develop a secure algorithm that analyzes the query before it is executed. The algorithm acts as a secure layer through which the query passes and is checked for malicious SQL injection code.
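One way to approximate the application-layer check described in the abstract is to compare the token structure of the query built from user input with the structure of the same query built from a harmless value. The following Python code is an added example, not the author's algorithm; the tokenizer, the `LOGIN_TEMPLATE` query, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Minimal SQL tokenizer (assumed for this example, not a full SQL grammar).
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')            # quoted string literal ('' = escaped quote)
  | (?P<num>\d+(?:\.\d+)?)             # numeric literal
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)   # keyword or identifier
  | (?P<comment>--|/\*|\#)             # comment openers
  | (?P<op><>|<=|>=|!=|[=<>(),;*.+\-/])
  | (?P<bad>\S)                        # anything else, e.g. an unbalanced quote
""", re.VERBOSE)

def skeleton(sql):
    """Reduce a query to its structure: every literal becomes '?'."""
    out = []
    for m in TOKEN_RE.finditer(sql):
        if m.lastgroup in ("str", "num"):
            out.append("?")
        elif m.lastgroup == "word":
            out.append(m.group().upper())
        else:
            out.append(m.group())
    return out

def is_structure_preserved(template, values):
    """True if filling the template with user values yields the same token
    structure as filling it with a harmless literal in every slot."""
    benign = {key: "0" for key in values}
    expected = skeleton(template.format(**benign))
    actual = skeleton(template.format(**values))
    return expected == actual

# Constructed login query of the kind the abstract refers to.
LOGIN_TEMPLATE = ("SELECT id FROM users "
                  "WHERE name = '{name}' AND password = '{password}'")

def check_login_query(name, password):
    """Application-layer gate: only structure-preserving input may reach the DB."""
    return is_structure_preserved(LOGIN_TEMPLATE,
                                  {"name": name, "password": password})

if __name__ == "__main__":
    # Constructed sample inputs: one ordinary, one that adds an OR condition.
    print(check_login_query("alice", "my pass phrase"))   # ordinary credentials
    print(check_login_query("alice", "' OR '1'='1"))      # changes the WHERE clause
    print(check_login_query("O'Brien", "s3cret"))         # legitimate apostrophe
```

A legitimate value containing an apostrophe, such as O'Brien, is also rejected by this comparison; bound parameters (prepared statements) keep data out of the query text entirely and do not have that limitation.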
Introduction
Databases are used in almost all applications nowadays, and we are focusing mainly on web applications that use MS SQL Server or MySQL server as a database. A small piece of code can be inserted from the application while entering basic details, and it can be malicious SQL code which when executed can
