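@comment{Entry 380: single-line auto-export cleaned up. Fixes: authors were
  comma-separated (BibTeX parsed the whole string as one name, so "Zahary"
  became a given name); title acronyms now brace-protected so sentence-casing
  styles keep SQL/RSA/Web; empty doi field dropped (Biber warns on empty
  fields); curly apostrophe in the abstract replaced by ASCII for classic
  BibTeX; abstract grammar lightly corrected without changing its claims.}
@article{380,
  author        = {Salah, Ramzi Esmail and Zahary, Ammar},
  title         = {Centralized Dynamic Protection against {SQL} Injection Attacks in {Web} Applications},
  journal       = {Journal of Intelligent Computing},
  year          = {2010},
  volume        = {1},
  number        = {2},
  url           = {http://www.dline.info/jic/fulltext/v1n2/3.pdf},
  abstract      = {Structured Query Language ({SQL}) injection is an attack method used by hackers to retrieve, manipulate, fabricate or delete information in organizations' relational databases through Web applications. Construction of secure software is not an easy task, given the complexities that may be faced. SQL injection is increasingly exploiting the weaknesses of software year after year around the world. Security-relevant issues in this area had not been properly addressed in the relevant literature during the development cycle of software. This paper presents an approach called Centralized Dynamic Protection against SQL Injection Attacks in Web Applications (CDPIA) that creates a data-type checking system to prevent data type mismatch in dynamically generated SQL queries. To strengthen the approach, CDPIA utilizes an encryption technique using the Rivest, Shamir and Adleman (RSA) algorithm. The paper also discusses and presents the most common Web application vulnerabilities with possible attack scenarios. An implementation of the system is described using MS SQL, written in Microsoft Visual Studio with C\#. The presented approach has been tested and verified using both manual and automated methods. Results show that the implemented approach can handle most common SQL injections and data type mismatches.},
  internal-note = {Reviewer note: the abstract describes type checking of dynamically built SQL plus RSA encryption. Type checking only constrains values that are still concatenated into query text, and encryption does not by itself prevent injection; when citing this as a defence, contrast it with parameterized queries / prepared statements, which remain the baseline mitigation. No DOI was found in the export; the URL has no access date recorded.},
}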