Web application SQL injection attack preventer
Scope of the project
The project is based on the positive tainting approach to dynamic tainting. Using this approach we can prevent SQL injection attacks. Researchers have proposed many mechanisms to prevent SQL injection attacks. One of them is defensive coding practices. These have several limitations which affect their efficiency and practicality. The limitations are: 1) it is very hard to implement the defensive coding discipline; 2) many solutions based on this mechanism address only a subset of attacks.
To overcome these limitations, the positive tainting and syntax-aware evaluation approach is used. This approach works by identifying "trusted" strings in an application and allowing only these strings to be used to create the semantically relevant parts of the SQL query, such as keywords or operators.
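The following sketch shows the idea in miniature. It is an added example, not code from this project or from the referenced papers: the names `Marked`, `trusted`, `external`, `check_query` and `build_login_query` are hypothetical, and the SQL lexer is deliberately simplified (no escaped quotes, a small operator set).

```python
import re

class Marked:
    """A string plus one trust flag per character (True = written in the application)."""
    def __init__(self, text, is_trusted):
        self.text = text
        self.trust = [is_trusted] * len(text)

    def __add__(self, other):
        out = Marked(self.text + other.text, True)
        out.trust = self.trust + other.trust   # trust marks survive concatenation
        return out

def trusted(s):     # hard-coded application string: positively tainted
    return Marked(s, True)

def external(s):    # request parameter or other outside data: never trusted
    return Marked(s, False)

# Simplified SQL lexer (assumption: enough for the sample queries only).
TOKEN = re.compile(r"""
    (?P<ws>\s+)
  | (?P<literal>'[^']*')                # string literal with its two quotes
  | (?P<number>\d+)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)    # keyword or identifier
  | (?P<other>--|[=<>!*(),;.'])         # operators, delimiters, stray quote
""", re.VERBOSE)

def check_query(q):
    """Return (ok, offending_token); only literal contents and numbers may be untrusted."""
    pos = 0
    while pos < len(q.text):
        m = TOKEN.match(q.text, pos)
        if m is None:
            return False, q.text[pos]          # unknown character: reject
        kind, start, end = m.lastgroup, m.start(), m.end()
        if kind == "literal":
            must_trust = [start, end - 1]      # the delimiting quotes
        elif kind in ("word", "other"):
            must_trust = range(start, end)     # every character of the token
        else:
            must_trust = []                    # whitespace and numeric data
        if not all(q.trust[i] for i in must_trust):
            return False, m.group()
        pos = end
    return True, None

def build_login_query(user):                   # hypothetical application code
    return trusted("SELECT id FROM users WHERE name = '") + external(user) + trusted("'")
```

A query is passed to the database only when `check_query` returns `(True, None)`; an input that tries to close the literal early is rejected because its quote character carries no trust mark.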
Work accomplished to date:
The project is based on positive tainting and syntax-aware evaluation to prevent SQL injection attacks.
Coming to the work accomplished to date, I have studied the topic of SQL injection in web applications, completed the proposal form, gone through the initial research and submitted the final proposal form.
I am now in the research phase and have already collected some conference papers on security threats from IEEE.
I have started researching security threats and dynamic tainting, and have also collected recent IEEE research papers on dynamic tainting and security threats.
Coming to the implementation, I have installed JDK 1.6 and the Apache Tomcat server to implement the system.
Meeting with the supervisor:
I have met the supervisor thrice since the date of submission of the final proposal form. In every meeting I have explained the project status and new changes to the supervisor, and I have taken some suggestions from the supervisor.
PROGRESS AGAINST INITIAL SCHEDULE:
I submitted the project proposal form within the schedule. But due to some changes in my result, I submitted my final project proposal form behind schedule (i.e. 5 years late). Apart from that, everything is being followed according to the initial schedule.
1) W. G. Halfond, A. Orso, and P. Manolios, "Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks," Proc. ACM SIGSOFT Symp. Foundations of Software Eng., pp. 175-185, Nov. 2006.
2) W. G. Halfond, A. Orso, "Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks," IEEE Computer Society, vol. 34, no. 1, pp. 65-81, Jan/Feb 2008.