Measures to Prevent SQL Injection Attacks
Author Name : Akshata Patil
ABSTRACT
The SQL Injection attack has been used extensively to obtain confidential information from database servers: because the database holds all the critical and interesting data for the application, attackers seek unauthorized access to it. The attacker's intent could be anything from extracting data to stealing private data such as credit card details, bank transaction details, etc. This compromises the user's data privacy. Through specific inputs, the hacker can access the contents of the database. These contents are accessed by altering SQL statements in various ways: the user's input is handled in such a way that part of it is treated as SQL code. Attackers take advantage of the error encoding mechanism and the poor validation of the system. Even antivirus programs are not successful at blocking SQL Injection. SQL Injection is a defect in a web application, not a database or web server issue. The attacker doesn't use a software-specific vulnerability; instead, they can target websites that don't follow secure coding practices for controlling and accessing data stored in a relational database. To address this issue, a review of the various SQL Injection attacks reported to date is provided. The paper also provides information about coding practices in some common languages to prevent SQL Injection attacks, as bad coding practices are the major cause of SQL Injection attacks and most of them can be prevented.
Key Words: hacker, SQL Injection, Stored Procedures, SQLIA.
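The abstract's central point, that part of the user's input ends up treated as SQL code when validation and coding practice are poor, is illustrated below with an added example; it is not code from the paper. The `accounts` table, the function names and the sample inputs are constructed for the illustration, which uses Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data; card values are placeholders, not real numbers.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "CARD-0001"), ("bob", "CARD-0002"), ("O'Brien", "CARD-0003")],
    )
    return conn

def lookup_concatenated(conn, owner):
    # Bad practice: the input becomes part of the SQL text, so any quote
    # character in it changes the structure of the statement.
    query = "SELECT owner, card FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, owner):
    # Secure practice: the statement is fixed and the input is bound as a
    # value, so it is only ever compared against the owner column.
    query = "SELECT owner, card FROM accounts WHERE owner = ?"
    return conn.execute(query, (owner,)).fetchall()

def compare(owner):
    """Run both lookups on a fresh database and return (unsafe, safe)."""
    conn = make_db()
    try:
        unsafe = lookup_concatenated(conn, owner)
    except sqlite3.Error as exc:
        # A legitimate value containing a quote breaks the concatenated query.
        unsafe = "error: " + type(exc).__name__
    safe = lookup_parameterized(conn, owner)
    conn.close()
    return unsafe, safe

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and an input whose quote turns the WHERE clause into a tautology.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        unsafe, safe = compare(value)
        print(repr(value), "| concatenated:", unsafe, "| parameterized:", safe)
```

With the concatenated query, the third input returns every row in the table and the second raises an error; the parameterized query returns no row and exactly one row respectively.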