A Proposed Framework Against Code Injection Vulnerabilities in Online Applications

SQL Injection is a well-known vulnerability that can be dangerous and violates the security of web applications. This paper proposes a framework to prevent SQL Injection attacks and provide better availability for the web application. The proposed framework is a hybrid consisting of a token-based Detection module and a neural-network-based Reconstruction module. The following SQL Injection types are considered in this paper: Tautologies, Union Queries, Illegal Queries, Piggy-back, Alternate Encoding, Stored Procedure and Inference Attack. The web application is statically analyzed to detect and gather its legal queries. When a user sends a query, it is compared with the gathered queries to detect any SQL Injection, using a specific algorithm that depends on the tokens of the queries. A neural network is used to provide better availability and reduce denial-of-service attacks by offering a reconstruction option for the authenticated user's query.
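
The token comparison described above can be sketched as follows. This is an added example, not code from the paper or from ResearchCoders; the tokenizer, the `skeleton` and `is_legal` names, and the sample templates and queries are all constructed assumptions, and the neural-network reconstruction step is not covered.

```python
import re

# One simple tokenizer for the comparison step (an assumption; the paper's own
# algorithm is not reproduced on this page).
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')            # quoted literal, '' is an escaped quote
  | (?P<num>\b\d+(?:\.\d+)?\b)         # numeric literal
  | (?P<cmt>--|/\*|\*/)                # comment markers kept as single tokens
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)   # keyword or identifier
  | (?P<op><=|>=|<>|!=|\|\|)           # two-character operators
  | (?P<sym>[^\sA-Za-z_0-9])           # any other single symbol
""", re.VERBOSE)

def skeleton(sql):
    """Return the query's token sequence with every literal replaced by '?'."""
    out = []
    for m in TOKEN_RE.finditer(sql):
        if m.lastgroup in ("str", "num"):
            out.append("?")              # the only place user data may appear
        elif m.lastgroup == "word":
            out.append(m.group().upper())  # SQL keywords are case-insensitive
        else:
            out.append(m.group())
    return tuple(out)

# Constructed stand-ins for the legal queries gathered by static analysis.
TEMPLATES = [
    "SELECT id, name FROM users WHERE name = ? AND pass = ?",
    "SELECT title FROM items WHERE id = ?",
]
LEGAL = {skeleton(t) for t in TEMPLATES}

def is_legal(query, legal=LEGAL):
    """A runtime query is accepted only if its skeleton matches a gathered one."""
    return skeleton(query) in legal

# Constructed runtime queries: two benign, then tautology, piggy-back, union.
SAMPLES = [
    "select id, name from users where name = 'alice' and pass = 's3cret'",
    "SELECT title FROM items WHERE id = 7",
    "SELECT id, name FROM users WHERE name = '' OR '1'='1' AND pass = ''",
    "SELECT title FROM items WHERE id = 7; DROP TABLE items",
    "SELECT title FROM items WHERE id = 7 UNION SELECT pass FROM users",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print("legal  " if is_legal(q) else "REJECT ", q)
```

Because literals collapse to a single placeholder, any input that adds keywords, operators or statement separators changes the token sequence and no longer matches a gathered query.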




The For Programmers Series consists of documents provided by ResearchCoders that explain the ideas of the paper for programmers; you can download them from here. Please note that we always recommend reading the original paper as well for better understanding.

If you have an idea that is not mentioned in the original research and you think adding it to the implementations would be useful, you can share your idea here.
