Query Parsing at the Application Layer to Prevent Sql Injection
Query Parsing At the Application Layer to Prevent Sql Injection
Presented by
Saurabh Jain
---------------------------------------------------------------------------------------------------------------------
Abstract
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. Thus when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. The code for this attack can be inserted from the application by the attacker so the idea behind to avoid sql injection is to analyze the query at the application layer so that the vulnerable code never get executed. We have analyzed that a small piece of code injected from the application could let the user to bypass the login system. So we will analyze the code at the application layer to see that if any malicious sql statements are present then the application would stop that code to be executed by the sql server. The objective of the project is to design a secure layer at the application level so that the whole sql query will be parsed and analyze by the application to see if the query contains any
sql injection code and if it contains it will not be executed by the sql server. The query needs to be filter at the application layer before it is being sent to the database server. The scope is to develop the secure algorithm which would analyze the query before it is being executed. The algorithm acts as a secure layer through which the query passes and it’s being checked for malicious sql injection code.
Introduction
Since database is used in almost all the application nowadays and we are focusing mainly an on web application that uses MS sql server or My sql server as a database. A small code can be inserted from the application while entering the basic details and it can be a malicious Sql code which when executed can
Presented by
Saurabh Jain
---------------------------------------------------------------------------------------------------------------------
Abstract
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. Thus when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. The code for this attack can be inserted from the application by the attacker so the idea behind to avoid sql injection is to analyze the query at the application layer so that the vulnerable code never get executed. We have analyzed that a small piece of code injected from the application could let the user to bypass the login system. So we will analyze the code at the application layer to see that if any malicious sql statements are present then the application would stop that code to be executed by the sql server. The objective of the project is to design a secure layer at the application level so that the whole sql query will be parsed and analyze by the application to see if the query contains any
sql injection code and if it contains it will not be executed by the sql server. The query needs to be filter at the application layer before it is being sent to the database server. The scope is to develop the secure algorithm which would analyze the query before it is being executed. The algorithm acts as a secure layer through which the query passes and it’s being checked for malicious sql injection code.
Introduction
Since database is used in almost all the application nowadays and we are focusing mainly an on web application that uses MS sql server or My sql server as a database. A small code can be inserted from the application while entering the basic details and it can be a malicious Sql code which when executed can