PREVENTION OF SQL INJECTION AND DATA THEFTS USING DIVIDE AND CONQUER APPROACH
#1

[attachment=3663]
PREVENTION OF SQL INJECTION AND DATA THEFTS USING DIVIDE AND CONQUER APPROACH
Domain : Security

Presented By:
S.Sivarama Krishnan
S.Manikandan
R.Senthil vason


Abstract

The SQL Injection provides the full unrestricted access to the malicious user. So that attackers can easily enter into the application.
The signature based method is a drawback , since the time taken to check the signature is very high
The SQL Injection access the application only by using special character
Introduction

Sql Injection:

SQL injection is an injection attack that exploits security vulnerability occurring in the database layer of an application.

Divide and Conquer:

A divide and conquer approach works by recursively breaking down a problem into two or more sub-problems of the same (or related) type, until these become simple enough to be solved directly. The solutions to the sub-problems are then combined to give a solution to the original problem.

Hirschberg algorithms

Some sql Injection for examples
The standard sql query format is :
Select * from table where UserName=Ëœramâ„¢ and Password=Ëœraviâ„¢;
Malicious user inject the following sql injection in this field as
UserName : ram
Password : anything™ or ˜1™=˜1
Select * from table where UserName=˜ram™ and Password=˜anything™ or ˜1™=˜1™;

Existing System

The SQL Injection attacks were prevented by using Signature based method.
Here the drawback is time complexity.
Next defense coding practices were done. But it is not much efficient because of the cost and complexity.

Proposed System

This approach is used for preventing the SQL Injection attack.
The SQL Injection accesses the application only by using the special characters.
So in our approach the special characters were totally avoided.

Modules

Monitoring Module
Analyzing Module
Preventing Module
Our approach

Monitoring module :

It gets the input from the web application and send it to analysis module . If analysis module finds any suspicious activity in sends error message and blocks the further transaction

SPECIFICATION :

Specifications comprise the predefined keywords and send it to analysis module for comparisons. These modules have all predefined keywords which is stored in the database.

ANALYSIS MODULE :

Analyzer module get the input from the monitoring module and it uses Hirschberg algorithm matrix for string comparison.
Data Flow Diagram

Hirschberg algorithm

Time complexity : O(nm)
Space complexity : O(min(nm))
Hirschberg algorithm
SOFTWARE & HARDWARE REQUIREMENTS

SOFTWARE REQUIREMENTS

Java1.5 or More
Tomcat 5.5
MS-SqlServer

HARDWARE REQUIREMENTS

Hard disk : 40 GB
RAM : 128mb
Processor : Pentium


REFERENCE

[1] Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities", IEEE Dynamic SQL Transaction of computer software and application conference, 2007.
[2] William G.J. Halfond, Alessandro Orso,Panagiotis Manolios, "WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation", IEEE Transaction of Software Engineering Vol 34, Nol, Twentieth January/February 2008. 2005.
[3] Konstantinos Kemalis and Theodoros Tzouramanis, "Specification [18] Xin based approach on SQL Injection detection", ACM, 2008.
Thank You
Reply
#2
[attachment=4832]

Abstract
-This system will provides robust security against SQL Injection and Data theft.
-In this System we are preventing the unexpected accessibility of database through the SQL Query by the help of special character.
-We introducing here divide and conquer approach to prevent the SQL injection.
Reply
#3
go through the following thread too for more information on 'Prevention of SQL Injection and Data Thefts Using Divide and Conquer approach'

http://seminarsprojects.in/attachment.php?aid=4832
Reply
#4
to get information about the topic "SQL INJECTION PREVENTION" full report ppt and related topic refer the page link bellow

http://studentbank.in/report-prevention-...e=threaded

http://studentbank.in/report-sql-injecti...e=threaded

Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Popular Searches: reservation system using pl sql, pl sql programming, bullying in schools and prevention, a divide and conquer approach for minimum spanning tree based clustering ppt, an approach to detect and prevent sql injection attacks in database using web service, how to sql injection, sqlipa an authentication mechanism against sql injection,

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  A Link-Based Cluster Ensemble Approach for Categorical Data Clustering 1 1,062 16-02-2017, 10:51 AM
Last Post: jaseela123d
  Exploiting the Functional and Taxonomic Structure of Genomic Data by Probabilistic To 1 750 14-02-2017, 04:15 PM
Last Post: jaseela123d
  Remote Server Monitoring System For Corporate Data Centers smart paper boy 3 2,806 28-03-2016, 02:51 PM
Last Post: dhanabhagya
  Secured Data Hiding and Extractions Using BPCS project report helper 4 3,644 04-02-2016, 12:52 PM
Last Post: seminar report asees
  Data Hiding in Binary Images for Authentication & Annotation project topics 2 1,812 06-11-2015, 02:27 PM
Last Post: seminar report asees
  DATA LEAKAGE DETECTION project topics 16 13,002 31-07-2015, 02:59 PM
Last Post: seminar report asees
  An Acknowledgement-Based Approach for the Detection of routing misbehavior in MANETs mechanical engineering crazy 2 2,941 26-05-2015, 03:04 PM
Last Post: seminar report asees
  An Acknowledgment-Based Approach For The Detection Of Routing Misbehavior In MANETs electronics seminars 7 4,671 27-01-2015, 12:09 AM
Last Post: Guest
  Privacy Preservation in Data Mining sajidpk123 3 2,929 13-11-2014, 10:48 PM
Last Post: jaseela123d
  projects on data mining? shakir_ali 2 2,026 05-11-2014, 09:30 PM
Last Post: jaseela123d

Forum Jump: