Proposed Method for SQL Injection Detection and its Prevention

Abstract

SQL injection attack is a commonly used method to attack the database server. Injection attacks enable the attacker to bypass the validation and authorization mechanisms used by database server and gain access to the database. The easiest way to launch this attack is by exploiting the loopholes in the validation of user inputs provided through login pages. Each login page that a user visits can contribute towards revealing the identity of the user. Feedbacks given by the server while executing an SQL code can reveal information regarding the vulnerabilities in the validation process of the database server. This information can be misused by the attacker to launch an SQL injection attack. This paper discusses a technique for identifying and preventing SQL injection attack using tokenization concept. The paper discusses a function which verifies the user queries for the presence of various predefined tokens and thereby preventing the access to web pages in cases where the user query includes any of the defined tokens.