Detection & prevention of sql injection & cross - site scripting attacks using spweptlu technique

SQL (Structured Query Language) injection is the most common and potentially hazardous attack that allows the attackers to fully manage the database by injecting or passing different malicious statements to the database engine in order to manipulate the data irresponsibly. This penetration to the system can cause serious damages such as stealing sensitive information, causing corruption in an organization or dismantling organization’s operations. On the other hand XSS (Cross Site Scripting) is another type of security vulnerability that empowers the attackers to place client side scripts into a web pages visited by the users. In this paper we present optimal solution for detecting and preventing SQL and XSS injection attacks by restricting stored procedures with execute permission only to legitimate users.

The paper is organized as: Part-I is dedicated to the brief introduction of SQL & XSS attacks. In Part-II & Part-III a complete introduction of SQLIA along with different types of SQL attacks are explained. In Part-IV XSS is described briefly while, in Part-V relevant literature has been explored. In Part-VI the solution along with implementation are explained in the form of algorithms and flow charts whilst, in the last part conclusion and future work are illustrated.

Author(s): Sayed Yousuf Mahbobi

Abstract | Full-Text | PDF

Share This Article