Model based hybrid approach to prevent SQL injection attacks in PHP

dc.contributor.author: Sadalkar, K.
dc.contributor.author: Mohandas, R.
dc.contributor.author: Pais, A.R.
dc.date.accessioned: 2026-02-06T06:40:38Z
dc.date.issued: 2011
dc.description.abstract: SQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In spite of preventive measures like educating developers about safe coding practices, statistics show that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server-side scripting language. This technique is more effective to prevent SQL injection attack in a dynamic web content environment without use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis show the proposed approach is simple and effective to prevent common SQL injection vulnerabilities. © 2011 Springer-Verlag.
dc.identifier.citation: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2011, Vol. 7011 LNCS, p. 3-15
dc.identifier.issn: 3029743
dc.identifier.uri: https://doi.org/10.1007/978-3-642-24586-2_3
dc.identifier.uri: https://idr.nitk.ac.in/handle/123456789/33046
dc.subject: authentication bypass
dc.subject: database mapping
dc.subject: dynamic analysis
dc.subject: input validation
dc.subject: SQL injection attack
dc.subject: static analysis
dc.subject: unauthorized access
dc.subject: web vulnerabilities
dc.title: Model based hybrid approach to prevent SQL injection attacks in PHP
