"Model Based Approach to Prevent SQL Injection Attacks on .NET Applicat" by Shikhar Jain and Alwyn R. Pais

International Journal of Computer Science and Informatics

Article Title

Model Based Approach to Prevent SQL Injection Attacks on .NET Applications

Authors

Shikhar Jain, Computer Science and Engineering Deptt., National Institute of Technology, Karnataka, Surathkal, IndiaFollow
Alwyn R. Pais, Computer Science and Engineering Deptt., National Institute of Technology, Karnataka, Surathkal, IndiaFollow

Abstract

Web applications support static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can give malicious input to the application which results in an incorrect query or an unauthorized query and performs vulnerable action on the database. In this paper, we presented an approach to prevent SQL injection attack (SQLIA) on .Net applications using static and dynamic analysis of the queries. The paper explains comparison of Dynamic query model and static query model in order to validate the query before sending it to the database. The result obtained proves that our designed tool has achieved prevention from SQL injection at greater extend.

Recommended Citation

Jain, Shikhar and Pais, Alwyn R. (2011) "Model Based Approach to Prevent SQL Injection Attacks on .NET Applications," International Journal of Computer Science and Informatics: Vol. 1: Iss. 2, Article 13.
DOI: 10.47893/IJCSI.2011.1026
Available at: https://www.interscience.in/ijcsi/vol1/iss2/13

DOI

10.47893/IJCSI.2011.1026

Download

Included in

Computer Engineering Commons, Information Security Commons, Systems and Communications Commons

COinS