Paper Title
An Efficient Technique for Finding SQL Injection using Reverse Proxy Server
Abstract
One of the most serious threats to data-driven applications is SQL injection. Web applications that are vulnerable to SQL injection may permit an attacker to gain ample access to their underlying databases. A SQL Injection Attack (SQLIA) sometimes starts with identifying weaknesses in applications where unrestricted user input is transformed into database queries. There are several ways of detecting and preventing SQLIA, such as the Hybrid Method, Decision Tree Classification, the Hidden Markov Model, removal of parameter values, Dynamic SQL, and Stored Procedures. No single technique can detect and prevent all types of SQL injection attack. By exploiting vulnerabilities in a web application, an attacker can pass through the security system even when a custom firewall and IDS are in place to secure the application. A reverse proxy could be a technique for sanitizing user input. In this technique, a filter program redirects the user's input to the proxy server before it is sent to the application server, and a data cleansing algorithm is triggered using a sanitizing application. The data cleansing algorithm uses sanitization to check whether the user input contains malicious code. If malicious patterns are found, the request is rejected; otherwise it is passed to the application server.
Keywords - SQL Injection, SQL Attack, Cross Site Script, Security Threats, Run Time Monitoring.
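The reject-or-forward decision described in the abstract can be sketched as follows. This is an added example, not the paper's algorithm: the signature set, the normalization step (repeated URL decoding and inline-comment stripping) and the names `normalize` and `inspect_request` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed, illustrative signatures; the paper's own pattern set is not given on the page.
SIGNATURES = {
    "tautology": re.compile(r"\bor\b\s+'?(\w+)'?\s*=\s*'?\1\b"),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "stacked_query": re.compile(r";\s*(drop|insert|update|delete|exec)\b"),
    "quote_then_comment": re.compile(r"'\s*(--|#|/\*)"),
}


def normalize(value, max_rounds=3):
    """Undo layered URL encoding, lowercase, and strip inline SQL comments."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Closed /* ... */ comments are often used to split keywords (union/**/select).
    value = re.sub(r"/\*.*?\*/", " ", value.lower())
    return re.sub(r"\s+", " ", value).strip()


def inspect_request(url):
    """Return ("reject" | "forward", [(parameter, signature), ...]) for a request URL."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        cleaned = normalize(raw)
        for label, pattern in SIGNATURES.items():
            if pattern.search(cleaned):
                findings.append((name, label))
    return ("reject" if findings else "forward", findings)


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in ("/login?user=alice&pass=s3cret",
                   "/login?user=admin%27%20OR%20%271%27%3D%271&pass=x",
                   "/items?id=1%2520UNION%2520SELECT%2520name%2520FROM%2520users"):
        print(sample, "->", inspect_request(sample))
```

A signature filter of this kind only covers the patterns it lists, which matches the abstract's observation that no single technique catches every injection type; it complements parameterized queries on the application server rather than replacing them.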