To Support Customers in Easily and Affordably Obtaining the Latest Peer-Reviewed Research, Receive a 20% Discount on ALL Publications and Free Worldwide Shipping on Orders Over US$ 295
Additionally, Enjoy an Additional 5% Pre-Publication Discount on all Forthcoming Reference BooksBrowse Titles

Special Offers
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
  Receive a 50% Discount on All IGI Global Major Reference Works in Electronic Format through GOBI
  Until December 31, 2020, you can receive a 50% discount on all Major Reference Works (i.e. encyclopedias, handbooks of research, and research anthologies) in electronic format ordered on the IGI Global InfoSci platform through GOBI. This discount is only applicable on e-books ordered on GOBI through IGI Global's InfoSci platform and e-books are available for PDF and/or ePUB download, unlimited simultaneous users, and no DRM.
  Browse Titles
- IGI Global is Now Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
  Receive Free Shipping on Orders Over US$ 295.00
  Free shipping will be automatically applied to shopping cart orders over US$ 295.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Receive a 50% Discount on All Major Reference Works in Electronic Format
  IGI Global is offering a 50% discount on their Major Reference Works when customers order directly through the IGI Global Online Bookstore. This discount includes IGI Global's Handbooks of Research, Research Anthologies, and Encyclopedias, which are ideal for institutions looking for all-encompassing reference sources.Valid until December 31, 2020.
  View Titles
- Offering a 50% Discount on All Individual E-Journal 2021 Subscriptions
  To ensure that institutions can affordably acquire critical content, IGI Global is offering a 50% discount on all individual e-journal 2021 subscriptions through IGI Global’s Online Bookstore and preferred subscription agencies, including EBSCO Subscription Services, LM Information Delivery, Otto Harrassowitz, and more. Valid until December 31, 2020.
  Browse Journals
- Must-Have Resource! InfoSci-Knowledge Solutions Databases
  IGI Global is now offering a new collection of InfoSci-Knowledge Solutions databases, which allow institutions to affordably acquire a diverse, rich collection of peer-reviewed e-books and scholarly e-journals. Ideal for subject librarians, these databases span major subject areas including business, computer science, education, and social sciences.
  Learn More
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

SQL Injection Attacks Countermeasures

Kasra Amirtahmasebi (Chalmers University of Technology, Sweden) and Seyed Reza Jalalinia (Chalmers University of Technology, Sweden)

Source Title: Threats, Countermeasures, and Advances in Applied Information Security

DOI: 10.4018/978-1-4666-0978-5.ch010

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

Chapter Preview

Top

Introduction

Web applications basically work by getting some input/information from outside users. Using string operations, this information is later used and serialized into a textual representation and ultimately, a database-specific command is created and sent to the database for execution. The input from outside users is the basis of SQL injection attacks and can be malicious; therefore they must be monitored and controlled thoroughly. The 2002 Computer Security Institute and FBI revealed that on a yearly basis, over half of all database experience at least one security breach and an average episode results in close to $4 million in losses (C.S. Institute. Computer crime and security survey. http://www.gocsi.com/press/20020407.jhtml, 2002). As a result, input-validation vulnerabilities which are incorrect assumptions of input data must be carefully considered and monitored in order to reduce the risk of injection attacks.

Pietraszek and Berghe (2005) classify input validation vulnerabilities into the following categories.

•
Buffer overflow vulnerabilities are caused by incorrect assumptions on the input’s maximum size. As a result, buffer’s boundary will be overrun and an attacker will be able write to the adjacent memory space.
•
Integer overflow vulnerabilities are a result of insufficient assumptions on the range of the input. In this case, the result of an arithmetic operation will be larger than the memory space provided for the aforementioned variable.
•
Injection vulnerabilities result from invalid assumptions on the type of input provided by the users. A user can enter syntactic content in his/her input and cause the database to perform unauthorized operations.

We have presented six SQL injection prevention techniques in this chapter which will cover a wide range of SQL injection attacks. A combination of these prevention techniques may lead to a more secure and reliable database system.

Top

A Learning-Based Approach To Detect Injection Attacks

Intrusion Detection Systems (IDS) are a common way of protection against malicious behavior and unauthorized access in regular desktop IT systems. An ID plays an important part in detecting and preventing attacks in regular desktop IT systems. Extensive research has been conducted on developing efficient and effective Intrusion Detection Systems. They can become handy when there are no prevention techniques defined for special types of attacks. In this case, intrusion detection systems can alert administrators about the attack so that appropriate measures can be taken.

In typical desktop IT, Intrusion Detection System is categorized as network based or host based IDS. Host based IDS monitors the activities on end systems such as system threads and processes. Network based IDS, on the other hand, monitors and analyzes traffic on the whole network by e.g. packet inspection to find attacks and malicious behavior (Hoppe, 2009).

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

SQL Injection Attacks Countermeasures

Abstract

Introduction

A Learning-Based Approach To Detect Injection Attacks

Complete Chapter List