Intercepting filter approach to detect and prevent SQL injection attacks on vulnerable SQL codes
A database injection vulnerability is present when user input is poorly filtered or not strongly typed, so that SQL statements execute in ways the developer did not intend. Attackers exploit this weakness in the database layer by taking advantage of poorly designed SQL code inside the application. This thesis implements an Intercepting Filter System (IFS) that detects and rejects bad inputs before they are passed to the database server. IFS consists of four subsystems: (1) an HTTP filtering subsystem that listens for and reads all incoming user inputs; (2) a SQL injection attack identifier subsystem that parses user input and identifies possible attacks; (3) a decision maker subsystem that decides on and takes action when an attack is detected; and (4) an alerting subsystem that updates rules on the firewalls and notifies the responsible personnel when an attack is detected. The evaluation demonstrated that IFS imposes very minimal overhead on the CPU and memory usage of the web server, even for a large number of user requests, and that it significantly mitigates all known types of SQL injection attack techniques. IFS protects vulnerable database code inside any web-based application. Because it does not require modification of the existing database code, there is no need to change the application code to obtain better validation.
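As an added illustration, not code from the thesis, the following Python sketch arranges the four subsystems the abstract names into one request pipeline: an HTTP filtering stage that gathers every user-controlled field, an identifier that tokenizes each value and scores it with a few injection heuristics, a decision maker that blocks above a threshold, and an alerter that records a firewall rule and a notification. All class and function names, the token grammar, the scoring weights, the threshold and the sample requests (including the 203.0.113.7 client address) are this example's own assumptions.

```python
"""Toy intercepting filter: the four IFS subsystems from the abstract as one pipeline.
Heuristics, names and thresholds are illustrative assumptions, not the thesis's implementation."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# ---- Subsystem 1: HTTP filtering -- read every user-controlled input ----
@dataclass
class Request:
    client_ip: str
    path: str
    query: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)

def collect_inputs(req: Request) -> List[Tuple[str, str, str]]:
    """Flatten query, form and cookie values into (source, name, value) triples."""
    out: List[Tuple[str, str, str]] = []
    for src, bag in (("query", req.query), ("form", req.form), ("cookie", req.cookies)):
        out.extend((src, k, v) for k, v in bag.items())
    return out

# ---- Subsystem 2: SQL injection identifier -- tokenize, then score ----
# Comment markers, quotes, separators, identifiers, numbers, operators, whitespace, anything else.
TOKEN_RE = re.compile(r"--|#|/\*|\*/|'|;|[A-Za-z_]\w*|\d+|<>|!=|<=|>=|=|<|>|\|\||\s+|.", re.DOTALL)
KEYWORDS = {"select", "union", "insert", "update", "delete", "drop", "table", "or", "and",
            "from", "where", "sleep", "benchmark", "waitfor", "exec"}
THRESHOLD = 3  # assumed score at which a value is treated as an attack

def tokenize(value: str) -> List[str]:
    return [t for t in TOKEN_RE.findall(value) if not t.isspace()]

def identify(value: str) -> Tuple[int, List[str]]:
    """Score one input value; returns (score, reasons). A single apostrophe (e.g. O'Brien)
    scores below THRESHOLD on its own, so ordinary names are not rejected."""
    low = [t.lower() for t in tokenize(value)]
    score, reasons = 0, []
    if low.count("'") % 2 == 1:
        score += 2; reasons.append("unbalanced quote")
    if any(t in ("--", "#", "/*") for t in low):
        score += 2; reasons.append("comment sequence")
    kw = [t for t in low if t in KEYWORDS]
    if len(kw) >= 2:
        score += len(kw); reasons.append("sql keywords: " + ",".join(kw))
    # tautology: identical operands around '=', e.g. 1=1 (quoted forms are caught by the quote check)
    for i in range(len(low) - 2):
        if low[i + 1] == "=" and low[i] == low[i + 2] and low[i] != "'":
            score += 3; reasons.append("tautology"); break
    # stacked statement: a ';' immediately followed by a SQL keyword
    if any(low[i] == ";" and low[i + 1] in KEYWORDS for i in range(len(low) - 1)):
        score += 2; reasons.append("stacked query")
    return score, reasons

# ---- Subsystem 3: decision maker -- choose allow/block per request ----
@dataclass
class Decision:
    action: str            # "allow" or "block"
    location: str = ""     # e.g. "form.user"
    score: int = 0
    reasons: List[str] = field(default_factory=list)

def decide(req: Request) -> Decision:
    worst = Decision("allow")
    for src, name, value in collect_inputs(req):
        score, reasons = identify(value)
        if score > worst.score:
            action = "block" if score >= THRESHOLD else "allow"
            worst = Decision(action, f"{src}.{name}", score, reasons)
    return worst

# ---- Subsystem 4: alerting -- update firewall rules and notify staff ----
class Alerter:
    def __init__(self) -> None:
        self.firewall_rules: List[str] = []   # stands in for pushing rules to a real firewall
        self.notifications: List[str] = []    # stands in for e-mail/pager delivery

    def on_block(self, req: Request, dec: Decision) -> None:
        rule = f"deny from {req.client_ip}"
        if rule not in self.firewall_rules:
            self.firewall_rules.append(rule)
        self.notifications.append(
            f"SQLi blocked: ip={req.client_ip} path={req.path} field={dec.location} "
            f"score={dec.score} reasons={';'.join(dec.reasons)}")

def intercept(req: Request, alerter: Alerter) -> Decision:
    """Full pipeline: filter -> identify -> decide -> alert. Returns the decision."""
    dec = decide(req)
    if dec.action == "block":
        alerter.on_block(req, dec)
    return dec

if __name__ == "__main__":
    alerter = Alerter()
    # constructed sample traffic from a TEST-NET address
    for f in ({"user": "O'Brien", "pw": "secret"}, {"user": "' OR 1=1 --", "pw": "x"}):
        d = intercept(Request("203.0.113.7", "/login", form=f), alerter)
        print(d.action, d.location, d.score, d.reasons)
    print(alerter.firewall_rules, alerter.notifications)
```

The scorer is deliberately additive so that a lone apostrophe in a legitimate surname stays below the threshold while a quote combined with a comment marker or a tautology does not; in a real deployment the grammar would be a proper SQL tokenizer and the threshold tuned against the application's own traffic.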
Ermias A. Tedla, "Intercepting filter approach to detect and prevent SQL injection attacks on vulnerable SQL codes", ETD Collection for Tennessee State University.