Integration of SQL injection prevention methods

Bibliographic Details
Main Authors: Chaki, Shahbaaz Mohammed Hayat, Mat Din, Mazura, Md. Siraj, Maheyzah
Format: Article
Language: English
Published: Penerbit UTM Press 2019
Online Access: http://eprints.utm.my/id/eprint/85239/1/MaheyzahMdSiraj2019_IntegrationofSQLInjectionPrevention.pdf
http://eprints.utm.my/id/eprint/85239/
https://dx.doi.org/10.11113/ijic.v9n2.232
Institution: Universiti Teknologi Malaysia
Description
Summary: Databases play a very important role in everybody's life, including that of organisations, since today everything is connected via the Internet. There is a need for a database that helps organisations to organise, sort and manage data and that ensures the data a user receives and sends by means of the database is secure, since the database stores almost everything, such as banking details including user ID and password. This makes the data really valuable and confidential for us, and therefore security is really important for the database. In this age, SQL Injection attacks on databases are increasingly common. Hackers attempt to steal an individual's valuable data by means of the SQL Injection Attack, using a malicious query on the application and thereby revealing the individual's data. Therefore the best SQL Injection Prevention technique is needed to safeguard individual data against being stolen by hackers. This paper compares two SQL Injection prevention techniques, the SQL pattern matching database system attack (SQLPMDS) and SQL injection union query attacks prevention using tokenisation technique (SIUQAPTT), which allows a Database Administrator to select the best and most effective SQL Injection Prevention method for their organisation. Preventing SQL Injection Attacks from occurring would ultimately lead to no user data loss. The results were obtained by running SQL injection attack queries and comparing whether each attack was blocked or not by the two prevention techniques, SQL pattern matching database system attacks and SQL injection union query attacks prevention using website tokenisation techniques. The conclusion is that the best method of prevention is the SQL pattern matching database system attacks technique.