Universiti Teknologi Malaysia Institutional Repository

Integration of SQL injection prevention methods

Chaki, Shahbaaz Mohammed Hayat and Mat Din, Mazura and Md. Siraj, Maheyzah (2019) Integration of SQL injection prevention methods. International Journal of Innovative Computing, 9 (2). pp. 23-27. ISSN 2180-4370

[img]
Preview
PDF
740kB

Official URL: https://dx.doi.org/10.11113/ijic.v9n2.232

Abstract

In everybody’s life including the organisations, database plays a very important role, since today everything is connected via the Internet. There is a need for a database that helps organisations to organise, sort and manage the data and ensure that the data a user receives and sends via the database mean is secure, since the database stores almost everything such as banking details including user ID and password. Make this data really valuable and confidential for us and therefore security is really important for the database. In this age, SQL Injection database attacks are increasingly common. The hackers attempt to steal an individual’s valuable data through the SQL Injection Attack mean by using malicious query on the application, hence revealing an efficient individual data. Therefore the best SQL Injection Prevention technique is needed to safeguard individual data against hackers being stolen. This paper compares two types of SQL Injection using the SQL pattern matching database system attack (SQLPMDS) and a SQL injection union query attacks prevention using tokenisation technique (SIUQAPTT) that allows Database Administrator to select the best and most effective SQL Injection Prevention method for their organisation. Preventing SQL Injection Attack from occurring that would ultimately lead to no user data loss. The results were obtained by comparing it to the results of the SQL injection attack query on whether the attack was blocked or not by two prevention techniques, SQL pattern matching database system attacks and SQL injecting union query attacks prevention using website tokenisation techniques. The conclusion is that the best method of prevention is the SQL pattern that matches database system attacks.

Item Type:Article
Uncontrolled Keywords:SQL injection, SQL injection prevention, SQL attacks, prevention methods
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computing
ID Code:85239
Deposited By: Fazli Masari
Deposited On:17 Mar 2020 08:10
Last Modified:17 Mar 2020 08:10

Repository Staff Only: item control page