A dynamic algorithm for identifying and avoiding SQL attacks Essay

function to cache the transformed queries and execute dynamic searching at run time.

By using this approach we have two benefits, lot of space can be saved by storing the hash keys rather than the transformed queries and unique primary index can be generated on the hash keys for quick and dynamic searching.

PHP version 5 and greater have implicit backing for more than 40 hash algorithms with hash () function which produces hash keys extending from 8 to 128 characters. An appropriate hash algorithm is selected by employing the algorithms which create keys that consists of 32 characters on random strings varying from five hundred to two thousand characters in length. This was selectively applied thousand times on each string and the average time taken for generating hash key was calculated in milliseconds. Out of all algorithms the MD4 algorithms shows the highest performance but the security is jeopardized. The MD5 algorithm is slower than MD4 but possess more stability and uniform circulation of hash keys. Hence, for transformed queries, MD5 algorithm is more appropriate. In addition to that , md5() method is present in PHP .For evaluation purpose, a web application is written with weak code without input validation to make sure all the web pages are susceptible to SQL Injection attacks. All the web application pages were browsed by turning on the MySQL query logging. Unique queries were chosen that are legitimate. These queries were transformed to basic form using query transformation model. Using MD5 algorithm, these were hashed and keys created were saved in queries table. It was noticed that a number of unique skeleton queries with a single parameter resulted with a value of 135. Thus the legitimate query repositories with a performance of 31.1 percentage using query transformation approach.

Although this scheme and hashing gives complete protection from various types of SQL injection attacks, it is not capable of avoiding second order injection attacks as the values of the parameters are detached in the transformation step. This scheme cannot be enforced to avoid XSS attacks as these attacks occur by inserting executable code into the parameters in the strings via web forms

SQL injection attack plays an important role in webbased security issues. Identification and counteractive action strategies can be categorised into two broad areas. In the first place, distinguish the SQL injection attacks by verifying peculiar SQL Query structure utilizing matching of strings, matching the patterns and query processing [9].

Other methodology includes data interdependencies in various data points that rarely change for determining harmful database threats. Various methodologies have been proposed that includes assimilation of data mining and interference detection systems.

A dynamic algorithm has been suggested for identifying and avoiding SQL attacks adopting Ah0corasick matching algorithm. The design has been shown in the fig 1.As per the fig, the input query is given and cross verifying whether the query has been inserted or not using the Structured Query Language MAP tool and AIIDA scheme. For

detecting SQLIA, Map tool is