A SECOND-ORDER SQL INJECTION DETECTION METHOD

Second-order SQL injection is a serious threat to Web applications, and it is more difficult to detect than first-order SQL injection. The attack payload of a second-order SQL injection comes from untrusted user input and is stored in a database or file system. The SQL statement submitted by the Web application is usually assembled dynamically from a trusted constant string in the program and untrusted user input, and the DBMS is unable to distinguish the trusted and untrusted parts of a SQL statement.

The paper presents a method of detecting second-order SQL injection attacks based on ISR (Instruction Set Randomization). The method randomizes the trusted SQL keywords contained in Web applications to dynamically build new SQL instruction sets, and adds a proxy server in front of the DBMS. The proxy checks whether a received SQL instruction contains standard SQL keywords in order to find attack behavior. The simulation video (given below) shows that this system can effectively detect second-order SQL injection attacks and has a low processing cost. The objective of this project is to prevent the user from accessing the server when using SQL injection techniques, and to log the attacker's IP address on a server.
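An added sketch of the proxy-side check described above; it is not code from the paper or from this project. The suffix key, keyword list, table name and stored values are constructed assumptions, and keywords inside complete quoted literals are treated as data.

```python
import re

KEY = "7391"  # constructed per-deployment secret suffix (assumption)
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "INTO", "VALUES", "UPDATE", "SET", "DELETE", "DROP"}
# Tokens: quoted string literal, identifier/keyword word, or any single character.
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_][A-Za-z_0-9]*|.", re.S)


def randomize(trusted_sql):
    """Applied to program constants only: append KEY to every SQL keyword."""
    return "".join(t + KEY if t.upper() in KEYWORDS else t
                   for t in TOKEN.findall(trusted_sql))


def proxy_check(sql):
    """Return (True, standard_sql) if every keyword carries KEY, else (False, None)."""
    out = []
    for tok in TOKEN.findall(sql):
        if tok.startswith("'"):          # complete literal or stray quote: data
            out.append(tok)
        elif tok.endswith(KEY) and tok[:-len(KEY)].upper() in KEYWORDS:
            out.append(tok[:-len(KEY)])  # trusted keyword: restore standard form
        elif tok.upper() in KEYWORDS:    # standard keyword came from untrusted data
            return False, None
        else:
            out.append(tok)
    return True, "".join(out)


# Trusted constant from the application, randomized once.
PREFIX = randomize("SELECT * FROM orders WHERE owner = '")


def build_query(stored_value):
    """Second-order step: a value read back from storage is concatenated unescaped."""
    return PREFIX + stored_value + "'"


if __name__ == "__main__":
    # Constructed sample values, as previously stored by a user.
    for stored in ("alice", "Union Street", "x' OR '1'='1"):
        print(repr(stored), proxy_check(build_query(stored)))
```

The detection depends on the key staying secret: a stored value that carries the correct suffix would pass the check, so the key must not be exposed in error messages or logs.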

Reference Paper: A SECOND-ORDER SQL INJECTION DETECTION METHOD

Author’s Name: Chen Ping

Source: IEEE

Year: 2017


SIMULATION VIDEO DEMO