The Multi-Tier Architecture for Developing Secure Website with Detection and Prevention of SQL-Injection Attacks

SQL injection is an attack methodology that targets the data residing in a database. The attack takes advantage of poor input validation in code and website administration. SQL Injection Attacks occur when an attacker is able to insert a series of SQL statements into a 'query' by manipulating user input data into a web-based application, an attacker can take advantages of web application programming security flaws and pass unexpected malicious SQL statements through a web application for execution by the back-end database. This paper proposes a novel specification-based methodology for the prevention of SQL injection Attacks.