Combinatorial Approach for Preventing SQL Injection Attacks

摘要

A combinatorial approach for protecting Web applications against SQL injection is discussed in this paper, which is a novel idea of incorporating the uniqueness of Signature based method and auditing method. The major issue of web application security is the SQL Injection, which can give the attackers unrestricted access to the database that underlie Web applications and has become increasingly frequent and serious. From signature based method standpoint of view, it present a detection mode for SQL injection using pair wise sequence alignment of amino acid code formulated from wab application form parameter sent via web server. On the other hand from the Auditing based method standpoint of view, it analyzes the transaction to find out the malicious access. In signature based method It uses an approach called Hirschberg algorithm, it is a divide and conquer approach to reduce the time and space complexity. This system was able to stop all of the successful attacks and did not generate any false positives.