Various Database Attacks and its Prevention Techniques

International Journal of Engineering Trends and Technology (IJETT)
  
© 2014 by IJETT Journal
Volume-9 Number-11                          
Year of Publication : 2014
Authors : K.A.Varunkumar , M.Prabakaran , Ajay Kaurav , S.Sibi Chakkaravarthy , S.Thiyagarajan , Pokala Venkatesh
DOI : 10.14445/22315381/IJETT-V9P302

Citation 

K.A.Varunkumar, M.Prabakaran, Ajay Kaurav, S.Sibi Chakkaravarthy, S.Thiyagarajan, Pokala Venkatesh. "Various Database Attacks and its Prevention Techniques", International Journal of Engineering Trends and Technology (IJETT), V9(11), 532-536, March 2014. ISSN: 2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.

Abstract

With the increasing popularity of the internet, the use of databases has also become widespread. This brings serious threats, because hackers make various attempts to steal the data held in databases. Attacks such as SQL injection and cross-site scripting may change the information in a database, which decreases the truthfulness of the database. An intrusion detection system is used to detect whether an attack is being carried out on the database. In this paper we surveyed different types of database attacks carried out by hackers and some of the prevention techniques used to protect the database management system.

Keywords
Database, SQL injection, cross-site scripting