Abstract image of a woman sitting on books and studying on a laptop

SQL INJECTION ATTACKS.pptx

Download as PPTX, PDF
R
REMEGIUSPRAVEENSAHAY

The document discusses avoiding vulnerability in web applications due to SQL injection attacks. It proposes using encryption techniques like AES encryption and secure hashing to encrypt SQL queries before sending them to the database. The proposed system architecture encrypts the username and password during registration using AES encryption, and then hashes the encrypted value for storage in the database. This makes unauthorized access and SQL injection attacks more difficult. Screenshots show the protected login page working to help prevent SQL injection attacks.

Business
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
LOYOLA – ICAM COLLEGE OF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
INTRODUCTION • Area Of Research: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
AGENDA • Abstract. • Existing system. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
ABSTRACT Web applications are steadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
EXISTING SYSTEM • Tame-card detection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
LIMITATIONS • SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
Literature survey Title Work done Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
Cont.. SQL INJECTION Attacks in Web Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
PROPOSED SYSTEM • AES encryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
ADVANTAGES • Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
OVERALL SYSTEM ARCHITECTURE Username Password Encrypted AES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
OVERALL SYSTEM ARCHITECTURE • SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
RESULTS Registering the username and password in the login page Username and Password stored in the login table
Unprotected login page Protected Login
Exit page
CONCLUSION • SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
REFERENCES [1] Priyanka, Vijay Kumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.
THANK YOU

More Related Content

PDF
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
PDF
Op2423922398
IJERA Editor
 
PDF
Literature Survey on Web based Recognition of SQL Injection Attacks
IRJET Journal
 
PDF
Ld3420072014
IJERA Editor
 
PDF
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
PDF
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
PDF
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
PDF
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
Op2423922398
IJERA Editor
 
Literature Survey on Web based Recognition of SQL Injection Attacks
IRJET Journal
 
Ld3420072014
IJERA Editor
 
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
Devoid Web Application From SQL Injection Attack
IJRESJOURNAL
 
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 

Similar to SQL INJECTION ATTACKS.pptx (20)

PPTX
csf_ppt.pptx
0567Padma
 
PPTX
cybersecurity and sql injection for students
VeenaShree20
 
DOCX
Understanding SQL Injection_ A Guide to Website Security.docx
Oscp Training
 
PDF
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Cryptoghaphy
anita bodke
 
PDF
A Study on Detection and Prevention of SQL Injection Attack
IRJET Journal
 
PDF
Ijcatr04041018
Editor IJCATR
 
PPTX
Sql Injection
penetration Tester
 
PPTX
SQL Injection: Unraveling the Threats
InsecureLab
 
PDF
Prevention of SQL injection in E- Commerce
ijceronline
 
PPTX
Sql injection
Praneeth Perera
 
PDF
The International Journal of Engineering and Science (The IJES)
theijes
 
PDF
GreenSQL Security
ijsrd.com
 
PDF
Overview on SQL Injection Attacks
ijsrd.com
 
PPTX
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Boston Institute of Analytics
 
PPTX
kjkl.pptxsdfdsafsadfsdagsadfsadfasdggasdf
KhalidAhmadGhiasi
 
PPT
Step by step guide for web application security testing
Avyaan, Web Security Company in India
 
PPTX
Web security
dogangcr
 
PDF
A METHOD OF DETECTING SQL INJECTION ATTACK TO SECURE WEB APPLICATIONS
samueljackson3773
 
PPS
Security testing
Tabăra de Testare
 
csf_ppt.pptx
0567Padma
 
cybersecurity and sql injection for students
VeenaShree20
 
Understanding SQL Injection_ A Guide to Website Security.docx
Oscp Training
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 
Cryptoghaphy
anita bodke
 
A Study on Detection and Prevention of SQL Injection Attack
IRJET Journal
 
Ijcatr04041018
Editor IJCATR
 
Sql Injection
penetration Tester
 
SQL Injection: Unraveling the Threats
InsecureLab
 
Prevention of SQL injection in E- Commerce
ijceronline
 
Sql injection
Praneeth Perera
 
The International Journal of Engineering and Science (The IJES)
theijes
 
GreenSQL Security
ijsrd.com
 
Overview on SQL Injection Attacks
ijsrd.com
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
Boston Institute of Analytics
 
kjkl.pptxsdfdsafsadfsdagsadfsadfasdggasdf
KhalidAhmadGhiasi
 
Step by step guide for web application security testing
Avyaan, Web Security Company in India
 
Web security
dogangcr
 
A METHOD OF DETECTING SQL INJECTION ATTACK TO SECURE WEB APPLICATIONS
samueljackson3773
 
Security testing
Tabăra de Testare
 
Ad

Recently uploaded (20)

PDF
Engaging Stakeholders in Policy Discussions: A Legal Framework (www.kiu.ac.ug)
publication11
 
PPTX
chapter 2 entrepreneurship full lecture ppt
annejo20
 
DOCX
Emerging Dubai Investment Opportunities in 2025.docx
jenwhite023
 
DOCX
Center Enamel Powering Innovation and Resilience in the Italian Chemical Indu...
cecvessels
 
DOCX
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
PDF
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
PPT
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
PPTX
Portfolio Example- Market & Consumer Insights – Strategic Entry for BYD UK.pptx
SijoStanleyJoseph
 
PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PPTX
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
ssuser886aa1
 
PPTX
Market and Demand Analysis.pptx for Management students
DrKavitaRani2
 
PPTX
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
PDF
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
PPTX
Project Management_ SMART Projects Class.pptx
ravindra661395
 
PDF
MBA2024 CGE 1.pdf file presentation 2025
ppzvs7r8k6
 
PPTX
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
PDF
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PPTX
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
PPTX
df0ee68f89e1a869be4bff9b80a7 business 79f0.pptx
diksha27bhardwaj
 
PDF
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
Engaging Stakeholders in Policy Discussions: A Legal Framework (www.kiu.ac.ug)
publication11
 
chapter 2 entrepreneurship full lecture ppt
annejo20
 
Emerging Dubai Investment Opportunities in 2025.docx
jenwhite023
 
Center Enamel Powering Innovation and Resilience in the Italian Chemical Indu...
cecvessels
 
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
Portfolio Example- Market & Consumer Insights – Strategic Entry for BYD UK.pptx
SijoStanleyJoseph
 
operations management : demand supply ch
JayeshJaiswal23
 
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
ssuser886aa1
 
Market and Demand Analysis.pptx for Management students
DrKavitaRani2
 
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
#1 Safe and Secure Verified Cash App Accounts for Purchase.pdf
Buy Verified Cash App Accounts
 
Project Management_ SMART Projects Class.pptx
ravindra661395
 
MBA2024 CGE 1.pdf file presentation 2025
ppzvs7r8k6
 
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
Susan Semmelmann: Enriching the Lives of others through her Talents and Bless...
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
BUSINESS CYCLE_INFLATION AND UNEMPLOYMENT.pptx
TasmiaThalil
 
df0ee68f89e1a869be4bff9b80a7 business 79f0.pptx
diksha27bhardwaj
 
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
Ad

SQL INJECTION ATTACKS.pptx

  • 1. LOYOLA – ICAM COLLEGE OF ENGINEERING AND TECHNOLOGY (LICET) Loyola College Campus, Nungambakkam , Chennai – 34 AVOIDING VULNERABILITY IN DATAADMITTANCE OF WEB APPLICATIONS BASED ON ENCRYPTION TECHNIQUES Done by Guide L.DIVYA [32810104013] Mr L REMEGIUS PRAVEEN SAHAYARAJ V.PAVITHRA [32810104042] P.SHANTHI PRIYA [32810104054] Area Of Reasearch: Database Security
  • 2. INTRODUCTION • Area Of Research: Database Security • A less secure Web application design may allow crafted injection and malicious update on the backend database. This trend can cause lots of damages and thefts of trusted users sensitive data by unauthorized users • Motivation of this Research 1. Encryption & hashing will provide more security in database. 2. SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique. • Web Application is a Three Tier Architecture with Client, Server & DataBase. •
  • 3. AGENDA • Abstract. • Existing system. • Proposed system and its limitations. • System Architecture and its advantages. • Screenshots. • Conclusion. • References.
  • 4. ABSTRACT Web applications are steadily increasing in our daily routines activities and continue to integrate them. Online Banking, On-line reservations, on-line shopping expect these web applications to be secure and reliable the terror of SQL– Injection Attacks has become increasingly frequent and serious. SQL Injection Attacks are one of the topmost threats for web application security. Using SQL Injection attackers can leak confidential information: such as credit card numbers, ATM pins, User credentials from web applications and even corrupt the database. In this paper, some predefined methods are discussed and integrated approach of encryption method with secure hashing is applied in the database to avoid attack on each and every phase.
  • 5. EXISTING SYSTEM • Tame-card detection and prevention • Functionality of temporary authentication • Vulnerability detection -Static analysis -Dynamic analysis • Predefined method and hybrid encryption methods applied • Hash value approach with SQLIPA prototype • Runtime attack prevention - Client side prevention - Server side prevention
  • 6. LIMITATIONS • SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. • Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
  • 7. Literature survey Title Work done Inference Detection of SQL Injection Attack and Various Prevention Strategies. This paper presents a security methods we are able to reduce the total number of alerts from four to zero alert by scanning the website using vulnerability tool. SQL Injection attack occurs due to vulnerabilities present in the website that allows the hacker to by passes the SQL statements and hence enters into the database queries directly. SQL Injection is the first step in entry to exploiting or hacking any website available on internet. Got Clear Idea about Attacks and this algorithm is like mutation based so it takes plenty of time to identify the attacks Protection of Web Application againstSql Injection Attacks In this paper, various types of SQL injection attacks as well as predefined prevention methods are discussed. Then the hybrid encryption method is used which includes AES encryption and Rabin’s cryptosystem. The reason behind the use of two layer of encryption is that it will be more secured. SQL query is generated and encrypted by Rabin’s cryptosystem because even if hackers hack the information and decode the AES encryption part, it will still be more difficult for them to know about the encrypted query Add some more security to databases to avoid SQL injection attack.
  • 8. Cont.. SQL INJECTION Attacks in Web Application In this paper, we have presented the rst formal definition of command injection attacks in web applications. Based on this definition, we have developed a sound and complete runtime checking algorithm for preventing command injection attacks and produced a working implementation of the algorithm. SQLCIAs precisely and incurred low runtime overhead. Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA This paper also contains strengths and weaknesses of various SQL injection attacks. At last we also proposed the scheme to handle the SQLIA and strong enough to prevent them. The use of internet increases day by day. As the number of computer users increases, the number reported cases of cybercrime increases. While, on the other side, the organization increases the use of office automation software & services, that helps them to maintain the confidential information with less efforts. A new approach that is completely based on the hash method of using the SQL queries in the web-based environment, which is much secure and provide the prevention from the attackers SQL.
  • 9. PROPOSED SYSTEM • AES encryption and combined approach of secure hashing on encryption. • By applying encryption technique, database attacks can be prevented. Encryption of data basically helps to change the data into a form that is not readable. Without the correct key, this format can’t be deciphered even if attacker hacks the information. Application of encryption in login phase makes it difficult for unauthorized users to access the database.
  • 10. ADVANTAGES • Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. • Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
  • 11. OVERALL SYSTEM ARCHITECTURE Username Password Encrypted AES Code AES SHA1 SHA(AES) Username & Password Registration Encrypted string of Username & Password Data Base Access Permitted Value check in DB No Access SQL Injection Attack Authentication Schemes Login Interface
  • 12. OVERALL SYSTEM ARCHITECTURE • SQL injection attacks are nothing but injecting malicious queries by the hackers into the application projected queries to get the desired outputs from the database. SQL Injection allows an attacker to create, read, update, modify, or delete data stored in the back-end database. • While Typing SQL keywords and control signs an intruder is able to modify the structure of SQL query developed by a Web designer. • SQL Injection attacks can take place when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query
  • 13. RESULTS Registering the username and password in the login page Username and Password stored in the login table
  • 14. Unprotected login page Protected Login
  • 16. CONCLUSION • SQL query is generated and encrypted by using AES technique which is further hashed by a secure hashing technique and as we know hashed codes is a one way encryption technique thus it is not possible to decode it. This proposed integrated approach is an effort to add some more security measures to databases to avoid SQL injection attack. • The web-application code perfectly contains a policy that allows distinguishing lawful and malicious queries. • This area is in need of more research, mainly because of various reasons: SQL injection attacks are most probable to change and new vulnerabilities will be found, collectively with new countermeasures to deal with them. As many hacking sites are existing on the web, and since attack methods are well described and circulated between hackers, we believe that information about new attack methods must be constantly surveyed and new counter measures should be developed. • So, in future, a new technique can be developed so that it is capable for other varieties of SQL Injection Attacks also. Due to which, this technique will be able to prevent SQL Injection Attack totally.
  • 17. REFERENCES [1] Priyanka, Vijay Kumar Bohat, (April 2013) ’Detection of SQL Injection Attack and Various Prevention Strategies’, International Journaand Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-2, Issue-4. [2] Sonam Panda, 1 Ramani S2,(Jan-Feb.2013),’Protection of Web Application against Sql Injection Attacks ‘, International Journal of Modern Engineering Research (IJMER) Vol.3, Issue.1, pp-166-168 ISSN: 2249-6645. [3] Mihir Gandhi, JwalantBaria,( January 2013)’SQL INJECTION Attacks in Web Application’International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-6. [4] By Mayank Namdev*, Fehreen Hasan, Gaurav Shrivastav(July 2012) ‘Review of SQL Injection Attack and Proposed Method for Detection and Prevention of SQLIA”Volume 2, Issue 7. [5] Shubham Srivastava1, Rajeev Ranjan Kumar Tripathi, ‘Attacks Dueto SQL Injection & Their Prevention Method for Web-Application (IJCSIT) International Journal of Computer Science and InformationTechnologies, Vol. 3 (2) , 2012,3615-3618. [6] Indrani Balasundaram, E.Ramaraj,’An Authentication Scheme forPreventing SQL injection Attack using Hybrid Encryption’ (ISSN 1450-216,2011, Vol.53,pp.359-368. [7] AtefehTajpour et al. ‘Evaluation of SQL Injection Detetion andPrevention Techniques’ Second International Conference onComputational Intelligence, 2010. [8] Shaukat Ali, Azhar Rauf, Huma Javed,’SQLIPA: An Authentication Mechanism Against SQL Injection’, European Journal of Scientific Research ISSN 1450-216X Vol.38 No.4 (2009), pp 604-611. [9] Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour,( September 2013) ‘Study of SQL Injection Attacks and Countermeasures’, International Journal of Computer and Communication Engineering, Vol. 2, No. 5. [10] W. G. Halfond, J. Viegas, and A. Orso , ‘A Classification of SQLInjection Attacks and Countermeasures,’ in Proc. the International Symposium on Secure Software Engineering 2006.