Enhancing Web Security: A Comprehensive Approach to Detect and Prevent SQL Injection Attacks through Innovative Query Comparison and Encryption Algorithms

Authors

DOI:

https://doi.org/10.5281/zenodo.14960117

Keywords:

Web Application, SQL, PHP, SQL Injection Attack, Prevention, Web Security

Abstract

In the modern world, web apps are essential to meeting the daily needs of every company. These applications use databases to store, organize, retrieve, and process data and information. The bulk of attacks are therefore focused on databases. The frequency of website attacks and the compromise of people's private data are rapidly rising. Since the advent of social networking and e-commerce, web security has gained prominence due to the prevalence of attacks such as spam and phishing. For this reason, web applications must be securely designed so that customer databases are not accessed without authorization, bank accounts and transactions are not intercepted, and information is not destroyed or stolen. This paper presents a novel algorithm against website attacks that also stops hackers at an early stage from gaining access to databases through the web application, without actually accessing the databases. The suggested algorithm uses prevention techniques, blocks the hacker's address, rejects the hacker's request when the query is executed, and updates security often to prevent unauthorized access to the web application. To ensure that everything is adequately safeguarded, the algorithm is also designed to operate in multiple layers, working at the URL and web application levels. Research was conducted to enhance web software security, and a defense system that guards against SQL injection was created. The developed software builds its protection mechanism using PHP, JavaScript, and regular expressions, a construct from formal language theory. This solution gives users a way to secure their web applications from potential attacks by defending against SQL injection vulnerabilities in web resources.

Published

2025-02-25

How to Cite

Hossain, M. M., Hasnat, M. A., & Islam, M. S. (2025). Enhancing Web Security: A Comprehensive Approach to Detect and Prevent SQL Injection Attacks through Innovative Query Comparison and Encryption Algorithms. International Journal of Scientific Research and Modern Technology, 4(1), 123–133. https://doi.org/10.5281/zenodo.14960117
