Combined measures against SQL-Injection attacks
In today’s world, we see continuous increase in security threats of web-based napplication as our dependence on these applications increase through our integration of them into our everyday activities. Virtually everything is done on the web. SQL injection is one of the most serious attacks against web applications. This attack grants intruder’s unrestricted access to databases at the back end of web applications and sensitive information it contains. Although a lot of research and publications have been done on this subject, the challenge of SQL injection still remains. In this paper, we put forward a fortified technique to counter SQL-Injection Attacks (SQLIA). We examined and analyzed previously executed solutions aimed at tackling SQL-injection. We also present a unified solution that combines some previously existing detection and prevention techniques against SQL injection attacks. We used the Agile Unified Process (AUP) to design and develop the new system. The serial nature of Agile UP is captured in its four phases: inception, elaboration, construction, transition. We also used Java platform – specifically the JSP and JDBC libraries in the J2EE framework because it provides; Platform independence, multithreaded system, scalability. Java also provides the class in prepared statement (in JBC) which deals with SQLIA..
Keywords: SQL Injection prevention; threats on web application; SQL injection attacks