Safety Measures and Auto Detection against SQL Injection Attacks
Sandeep Choudhary1, Nanhay Singh2
1Sandeep Choudhary*, Department of CSE, Ambedkar Institute of Advanced Communication Technologies & Research, Delhi (India).
2Prof. (Dr) Nanhay Singh, Department of CSE, Ambedkar Institute of Advanced Communication Technologies & Research, Delhi (India).
Manuscript received on November 22, 2019. | Revised Manuscript received on December 15, 2019. | Manuscript published on December 30, 2019. | PP: 2827-2833 | Volume-9 Issue-2, December, 2019. | Retrieval Number: B3316129219/2019©BEIESP | DOI: 10.35940/ijeat.B3316.129219
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: A SQL injection attack (SQLIA) occurs when an attacker inserts malicious SQL code into a valid query statement through an invalid input. As a result, the relational database management system executes the malicious query, which constitutes the SQL injection attack. After successful execution, the attack may disrupt the CIA (confidentiality, integrity and availability) of the web API. The vulnerability of the Web Application Programming Interface (API) is a primary concern in any programming. Web APIs are mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, and on Representational State Transfer (REST), which provides an architectural style whose security measures come from the transport layer. Most of the time, developers and new programmers do not follow the standards of safe programming and forget to validate the input fields in their forms. This vulnerability in the web API opens the door to threats and makes it a cakewalk for an attacker to exploit the database associated with the web API. The objective of the paper is to automate the detection of SQL injection attacks and to secure access to poorly coded web APIs in large volumes of network traffic. The Snort and Moloch approaches are used to develop a hybrid model that automatically detects and analyzes SQL injection attacks for the prototype system.
Keywords: Moloch, Snort, Sqlmap, SQLIA, Threats, Web API vulnerability.
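
The two ideas in the abstract, a query altered through an input field that is never validated and signature-based detection of such input, shown as an added example that is not code from the paper. The table, the sample values and the simplified regular-expression signature are constructed assumptions; the signature only stands in for the kind of pattern a Snort rule matches and does not reproduce the authors' rules.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the database behind a web API."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_vulnerable(conn, name):
    # Unvalidated input is spliced into the statement text, so a quote in the
    # input can end the string literal and change the structure of the query.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return sorted(row[0] for row in conn.execute(query))
    except sqlite3.Error:
        return None  # input broke the statement (e.g. a benign apostrophe)

def lookup_parameterized(conn, name):
    # The value is bound separately from the statement and is only compared as data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)

# Simplified signature (an assumption for illustration, not the paper's rules):
# a quote followed by a boolean tautology, UNION SELECT, or a quote plus comment.
SQLI_SIGNATURE = re.compile(
    r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+|union\s+select|'\s*(--|#)",
    re.IGNORECASE)

def looks_like_sqli(value):
    return bool(SQLI_SIGNATURE.search(value))

def audit(conn, samples):
    """Per sample: (flagged, rows from vulnerable lookup, rows from bound lookup)."""
    return {s: (looks_like_sqli(s), lookup_vulnerable(conn, s),
                lookup_parameterized(conn, s)) for s in samples}

# Constructed parameter values, as they might arrive in an API request.
SAMPLES = ["alice", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    for value, result in audit(make_db(), SAMPLES).items():
        print(repr(value), result)
```

The benign `O'Brien` value is not flagged but still breaks the concatenated statement, which is why bound parameters, rather than pattern matching alone, are the fix on the application side.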