Title: A four-phase methodology for protecting web applications using an effective real-time technique
Authors: Nabeel Salih Ali
Addresses: Information Technology Research and Development Centre, University of Kufa, AL-Najaf, Al-Kufa St, Iraq
Abstract: Web applications have become widely pervasive in all types of Internet-based services. Thus, security is one of the major concerns as most web applications suffer from vulnerabilities, making them attractive targets for security attacks. Structured Query Language Injection Attack (SQLIA) on stored procedures poses serious threats in the underlying database of any application. This article presents the methodological issues of developing a web application SQLI protector tool to detect stored procedures of SQLIAs. Our technique uses real-time settings based on positive tainting approach, accurate and efficient taint propagation and syntax-aware evaluation of the query strings at the application level are used to detect illegal queries before they reach the database. Then, the proposed tool is evaluated based on its efficiency and effectiveness in practices. In addition, detection techniques used are also analysed. The developed tool is effective given its capability to detect and stop all SQLIAs in a real-time environment.
Keywords: web applications; structured query language; SQL injection; SQLI attacks; injection attacks; stored procedures; real-time; web security; attack detection; vulnerabilities; network security.
DOI: 10.1504/IJITST.2016.083008
International Journal of Internet Technology and Secured Transactions, 2016 Vol.6 No.4, pp.303 - 323
Received: 21 Oct 2016
Accepted: 17 Dec 2016
Published online: 17 Mar 2017 *