Integration of SQL Injection Prevention Methods

Authors

  • Shahbaaz Mohammed Hayat Chaki, School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia, https://orcid.org/0000-0001-6761-681X
  • Mazura Mat Din, School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Maheyzah Md Siraj, School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/ijic.v9n2.232

Keywords:

SQL Injection, SQL Injection Prevention, SQL Attacks, Prevention Methods

Abstract

Databases play a very important role in everyone's life, including in organisations, since today everything is connected via the Internet. Organisations need a database that helps them organise, sort and manage data and that ensures the data a user sends and receives through it is secure, since the database stores almost everything, such as banking details including user IDs and passwords. This makes the data highly valuable and confidential, and therefore security is very important for the database. In this age, SQL Injection database attacks are increasingly common. Hackers attempt to steal an individual's valuable data through SQL Injection Attacks by running malicious queries against the application, thereby revealing the individual's data. Therefore, the best SQL Injection Prevention technique is needed to safeguard individual data against being stolen by hackers. This paper compares two SQL Injection prevention techniques, SQL pattern matching database system attack (SQLPMDS) and SQL injection union query attacks prevention using tokenisation technique (SIUQAPTT), so that a Database Administrator can select the best and most effective SQL Injection Prevention method for their organisation. Preventing SQL Injection Attacks from occurring would ultimately lead to no loss of user data. The results were obtained by comparing the outcomes of SQL injection attack queries, namely whether each attack was blocked or not by the two prevention techniques: SQL pattern matching database system attacks and SQL injection union query attacks prevention using website tokenisation techniques. The conclusion is that the best method of prevention is the SQL pattern matching database system attacks technique.

Published

2019-11-28

How to Cite

Chaki, S. M. H., Mat Din, M., & Md Siraj, M. (2019). Integration of SQL Injection Prevention Methods. International Journal of Innovative Computing, 9(2). https://doi.org/10.11113/ijic.v9n2.232

Section

Computer Science