Saturday, 14 February 2015

AN APPROACH TO DETECT AND PREVENT SQL INJECTION ATTACKS IN DATABASE USING WEB SERVICES



N.Roshinidevi 1, S.Mekala 2

1 PG Student, STET Women’s College, Mannargudi.
2 Professor of CS department, STET Women’s College, Mannargudi.

SQL injection is mostly known as an attack vector for websites, but it can be used to attack any type of SQL database through the firewall that shields it. The attack takes advantage of poor input validation in code and website administration. SQL injection attacks occur when an attacker is able to insert a series of SQL statements into a query by manipulating user input data in a web-based application; the attacker can take advantage of web application programming security flaws and pass unexpected malicious SQL statements through the web application for execution by the database. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

The two most important advantages of the new approach over existing analogous mechanisms are that, first, it protects the form from SQL injection attacks and, second, it does not allow the user to access the data in the database server directly. XPath is used to protect the form from SQL injection. An XPath expression is simply called "an XML Path". The XPath language is based on a tree representation of the XML document and provides the ability to navigate around the tree, selecting nodes by a variety of criteria. The most important kind of expression in XPath is a location path. This is used to generate two filtration models, Active Guard and Service Detector, of application scripts, additionally allowing seamless integration with currently deployed systems.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Injected SQL commands can alter an SQL statement and compromise the security of a web application. SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today.
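How input from an entry field can alter an SQL statement, and how binding it as a value prevents that, shown as an added example that is not from the paper and does not implement its Active Guard or Service Detector models. The table, function names and sample input are constructed for illustration, and parameterized queries are a standard mitigation used here in place of the paper's XPath approach.

```python
import sqlite3


def make_db():
    # Constructed sample data in an in-memory database (not from the paper).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "book"), ("bob", "laptop"), ("bob", "phone")],
    )
    return db


def orders_concatenated(db, owner):
    # Weak form: the field value becomes part of the SQL text that the
    # database parses, so a quote in the input can change the WHERE clause.
    sql = "SELECT item FROM orders WHERE owner = '" + owner + "' ORDER BY item"
    return [row[0] for row in db.execute(sql)]


def orders_parameterized(db, owner):
    # Hardened form: the statement text is fixed and the field value is
    # bound as data, so it is only ever compared against the owner column.
    sql = "SELECT item FROM orders WHERE owner = ? ORDER BY item"
    return [row[0] for row in db.execute(sql, (owner,))]


# Constructed field value containing a quote and an always-true condition.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", CRAFTED):
        print(repr(value))
        print("  concatenated :", orders_concatenated(db, value))
        print("  parameterized:", orders_parameterized(db, value))
```

Both functions also act as the only path to the table, which mirrors the abstract's second goal of not letting the user reach the data in the database server directly.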