
SQL Injection Vulnerability Detection Technique software during development.


Abstract

Security in software applications is the most important aspect of any information management system. Recent trends in data-driven software application technologies have shown that data and its security are paramount for any application. This research presents various techniques and approaches for enforcing data security against web attacks carried out through SQL injection. SQL injection is a technique of inserting malicious code to exploit web sites. It has become more prevalent in recent times, but it is not treated as a serious security risk until the end of the development phase. Though recent developments in web security have provided powerful strategies, each of them has its own disadvantages, such as requiring the source code to be rewritten or being unable to detect all vulnerabilities in the web application. Hence, there is a need for a mechanism by which the application code can be compiled and pitfalls detected during the development process.

This research work proposes a tool called SQL Injection Vulnerability Detection Technique (SQLIV-DT) that detects vulnerabilities in the SQL code and helps application developers add an additional measure of prevention during the code development process. The proposed mechanism is based on best practices in query writing in a larger scope, and it remains a more stable approach, with fewer changes needed in its implementation against future SQL injection types. The mechanism throws warning messages in real time for queries that are potential risks in a future SQL injection attack. The techniques presented in the paper apply to any data-driven application that is potentially prone to SQL injection attacks. The contribution of this research is to provide mechanisms to detect vulnerable code, thereby educating developers about the potential risks of a future SQL injection attack.

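Bibliographic record

  • Author

    Raavi, Bhargavi

  • Author affiliation

    California State University, Long Beach

  • Degree-granting institution California State University, Long Beach
  • Discipline Computer Science
  • Degree M.S.
  • Year 2009
  • Pages 108 p.
  • Total pages 108
  • Original format PDF
  • Language of text eng
  • Chinese Library Classification Automation technology, computer technology
  • Keywords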
