Analyzing SQL Meta Characters and Preventing SQL Injection Attacks Using Meta Filter

SQL Injection Attacks (SQLIA) are widely used in which an attacker crafts input to the application server to access or modify data on the database server. A common approach for an attacker to launch SQLIA is by modifying the input URL to contain partial SQL queries and trick the server into executing them. In this paper, the authors first identify all those input patterns that can appear in the URL of an attack. Next they proposed to deploy a SQL Meta character filter that parses the input URL to detect attack patterns. The attack patterns are so chosen so that SQL Meta characters that appear in a legal input are not filtered out.

Subscribe to the Data Insider Newsletter

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more. Delivered Mondays and Thursdays

Subscribe to the Data Insider Newsletter

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more. Delivered Mondays and Thursdays

Resource Details

Provided by:
International Association of Computer Science & Information Technology (IACSIT)
Topic:
Data Management
Format:
PDF