
Model Based Approach to Prevent SQL Injection Attacks on .NET Applications
Author(s) - Suchita Jain, Alwyn Roshan Pais
Publication year - 2011
Publication title - International Journal of Computer Science and Informatics
Language(s) - English
Resource type - Journals
ISSN - 2231-5292
DOI - 10.47893/ijcsi.2011.1026
Subject(s) - computer science, sql injection, query by example, sql, query optimization, sargable, database, query language, spatial query, query expansion, web query classification, web search query, stored procedure, online aggregation, data mining, information retrieval, search engine
Web applications support static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can give malicious input to the application, which results in an incorrect or unauthorized query that performs harmful actions on the database. In this paper, we present an approach to prevent SQL injection attacks (SQLIA) on .NET applications using static and dynamic analysis of the queries. The paper explains how the dynamic query model is compared with the static query model in order to validate the query before sending it to the database. The results obtained prove that the tool we designed prevents SQL injection to a greater extent.