
Protection to SQL Injection Attack using Web Service

S.P. Shwetha, Meera Francis

Abstract


In the current environment, information is the most valuable business asset, and so is acquiring a desired level of information security. SQL injection attacks are one of the primary hazards for web application security. To protect databases from inside and outside threats, monitoring access to sensitive databases is suggested. The threat of SQL injection attacks has become increasingly common and serious. To overcome this problem, “Protection to SQL Injection Attacks using Web Service” is proposed. Here the input given by the user is sent to a web service, which checks it for SQL injection commands. If such commands are present, the web service warns the user or modifies the input given by the user. This web service is globally available. The advantage of using our web service is that it provides protection against SQL injection attacks.

Keywords


Sensitive database, Structured Query Language (SQL), SQL-Injection Attacks (SQLIA), Web Service.




This work is licensed under a Creative Commons Attribution 3.0 License.