Detection and Prevention of SQL Injection

Abstract

SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute some illicit operations by crafting specific inputs to the web server. Even though this vulnerability has had it’s presence for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to the existing applications, nor are application independent. Here we propose a new application logic independent solution to prevent SQL injection attacks which can be applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and injection inputs. We have implemented the complete solution in ASP.NET with C# web applications using a custom written tool, SIAP, which patches the SQL Injection vulnerabilities in an existing web application by instrumenting the binaries.

Technical Guidance

Project Member:

Sandeep Nair Narayanan

sandeepnairnarayanan@gmail.com


Downloads:
  • Software        

  •            






    Content with URLs that have the current URL as a prefix has been hosted in accordance with fair use principles, for academic and non-profit purposes. By downloading the contents of this page, you agree to bring possible violation of fair use to my notice before taking legal recourse.