Title: SQL-INJECTION SECURITY EVOLUTION ANALYSIS IN ASP.NET
Abstract: All the interactive web applications that provide work for databases are target of an SQL injection attack. Such applications gives the permission to the user for input, after that this input added in database request, that’s SQL Statement. In SQL injection, the attacker provides user input that outcome in a different database request than was intended by the application programmer. SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. In our project work we describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities. For empirical analysis, we provide a case study of our solution in ASP page. We implement our solution in a simple .NET framework, and show its effectiveness and scalability.
Publication Year: 2012
Publication Date: 2012-01-01
Language: en
Type: article
Access and Citation
Cited By Count: 1
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot