•  
  •  
 

International Journal of Computer Science and Informatics

Abstract

Web applications support static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can give malicious input to the application which results in an incorrect query or an unauthorized query and performs vulnerable action on the database. In this paper, we presented an approach to prevent SQL injection attack (SQLIA) on .Net applications using static and dynamic analysis of the queries. The paper explains comparison of Dynamic query model and static query model in order to validate the query before sending it to the database. The result obtained proves that our designed tool has achieved prevention from SQL injection at greater extend.

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.