Review of SQL Injection : Problems and Prevention

Mohd Amin Mohd Yunus, Muhammad Zainulariff Brohan, Nazri Mohd Nawi, Ely Salwana Mat Surin, Nurhakimah Azwani Md Najib, Chan Wei Liang

Abstract


SQL injection happened in electronic records in database and it is still exist even after two decades since it first happened. Most of the web-based applications are still vulnerable to the SQL injection attacks. Although technology had improved a lot during these past years, but, hackers still can find holes to perform the SQL injection. There are many methods for this SQL injection to be performed by the hackers and there is also plenty of prevention for the SQL injection to be happened. The vulnerability to SQL injection is very big and this is definitely a huge threat to the web based application as the hackers can easily hacked their system and obtains any data and information that they wanted anytime and anywhere. This paper can conclude that several proposed techniques from existing journal papers used for preventing SQL injection. Then, it comes out with Blockchain concept to prevent SQL injection attacks on database management system (DBMS) via IP.

Keywords


Database; DBMS; SQL Injection

Full Text:

PDF

References


S. Nanhay, D. Mohit, R.S. Raw, and K. Suresh, “SQL Injection: Types, Methodology, Attack Queries and Prevention”, in 3rd International Conference on Computing for Sustainable Global Development (INDIACom), 2016, p. 2872 – 2876.

K.G. Vamshi, V. Trinadh, S. Soundabaya, and A. Omar, “Advanced Automated SQL Injection Attacks and Defensive Mechanisms”, in Annual Connecticut Conference on Industrial Electronics, Technology & Automation (CT-IETA), 2016, p. 1-6.

K. Krit and S. Chitsutha, “Machine Learning for SQL Injection Prevention on Server- Side Scripting”, in International Computer Science and Engineering Conference (ICSEC), 2016, p. 1-6.

P.K. Raja and Z. Bing, “Enhanced Approach to Detection of SQL Injection Attack”, in 15th IEEE International Conference on Machine Learning and Applications (ICMLA), 2016, p. 466 – 469.

D. Rhythm and G. Himanshu, “SQL Filtering: An Effective Technique to prevent SQL Injection Attack”, in International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), 2016, p. 312 – 317.

A.A. Nedhal and A. Dana, “Database Security Threats: A Survey Study”, in 5th International Conference on Computer Science and Information Technology, 2013, p. 60 – 64.

A.S. Aditya and P.N Chatur, “Efficient and Effective Security Model for Database Specially Designed to Avoid Internal Threats”, in International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015, p. 165 – 167.

S.P. Ganesh and G. Anandhi, “Database Security: A Study on Threats And Attacks”, International Journal on Recent and Innovation Trends in Computing and Communication, vol. 4(6), pp. 512-513, 2015.

Parviz Ghorbanzadeh, Aytak Shaddeli, Roghieh Malekzadeh, Zoleikha Jahanbakhsh, “ A Survey of Mobile Database Security Threats and Solutions for it”, in the 3rd International Conference on Information Sciences and Interaction Sciences, 2007, p. 676 – 682.

Asmaa Sallam, Qian Xiao, Daren Fadolalkarim, Elisa Bertino, “Anomaly Detection Techniques for Database Protection Against Insider Threats”, in 17th International Conference on Information Reuse and Integration (IRI), 2016, p. 20 – 29.

L. Zhang, C. Tan, and F. Yu, “An Improved Rainbow Table Attack for Long Passwords,” Procedia Computer Science, vol. 107, pp. 47–52. 2017.

Deniz Gurkan and Fatima Merchant “Interoperable Medical Instrument Networking and Access System with Security Considerations for Critical Care”, Journal of Healthcare Engineering, vol. 1(4), pp. 637-654, 2010.

M. A. Halcrow and N. Ferguson, “A Second Pre-image Attack Against Elliptic Curve Only Hash (ECOH),” in IACR Cryptol. ePrint Arch., vol. 2009, p. 168, 2009.

A.K. Kyaw, F. Sioquim, and J. Joseph, “Dictionary attack on Wordpress: Security and forensic analysis,” in 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015, 2016, p. 158–164.

F. Mouton, M. M. Malan, L. Leenen, and H. S. Venter, “Social engineering attack framework,” in Proceedings of the ISSA, 2014.

Hilarie Orman, “Blockchain: the Emperors New PKI?”, IEEE Internet Computing, vol. 22(2), pp. 23-28, 2018.




DOI: http://dx.doi.org/10.30630/joiv.2.3-2.144

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JOIV : International Journal on Informatics Visualization
Published by Information Technology Department
Politeknik Negeri Padang, Indonesia

© JOIV - ISSN : 2549-9610 | e-ISSN : 2549-9904 

Phone : +62-82386434344
Email  : hidraamnur@live.com | hidra@pnp.ac.id
              fazrolpnp@gmail.com


Creative Commons License is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

View My Stats