Authors : N. Gunaseeli and D. Jeya Mala
Abstract: Web applications are software applications which allow the end users to access the most valuable services like credit card services, purchase orders, online booking services and so on. The developers of the web applications pay more concentration on developing the features and functionality of the applications. They spend only little amount of time to secure web applications. Unfortunately, the web applications are vulnerable to various threats like SQLIA, cross site scripting, buffer overflow, etc. Despite, the web applications are vulnerable to many kinds of threats and attacks, SQLIA (SQL injection attack) is the most vulnerable to web applications. It is a kind of attack where malicious users try to access the database layer of an application through crafted input query strings. Ignoring the existence of these kinds of attacks leads to various kinds of SQLIA. One among them is union queries SQL injection attack. Through this attack, an attacker gets the result set of original query along with the result set of injected query. This study analyzes the weaknesses of union query SQL injection attack and proposes a novel approach to prevent the union query at run time.
N. Gunaseeli and D. Jeya Mala, 2016. Automatic Prevention of Union Query Type SQL Injection Attack Using Private Synonym and Error Message Controller. Asian Journal of Information Technology, 15: 4445-4449.