International Journal of
Innovation, Management and Technology

Abstract— Web services are usually supported by a database at the backend while a frontend takes input from the user, construct SQL statements and access the database. SQL injection is a popular technique used by attackers to exploit unsanitized user input vulnerability by convincing the application to run SQL code that it was not intended to run. Validating all user inputs and checking for vulnerability can be tedious on the part of the programmer. In this work we propose a new approach to prevent SQL injection attack using URL filtering. URL filters are used to validate user input to web forms. In this approach a single filter can be used to validate input to several databases which makes our approach more scalable and efficient. We implement the filter using Java servlet and demonstrate its effectiveness.

Index Terms— SOL injection attacks, prevention, URL filtering.

Sangita Roy is with Computer Science and Engineering Department, Indian Institute of Technology Patna, India, (e-mail: r_sangita@iitp.ac.in). 
Avinash Kumar Singh was with KIIT University, Bhubaneswar, Orissa, India. He is now with the Department of Computer Science, Indian Institute of Information Technology Allahabad, India (email: rs110@iiita.ac.in). 
Ashok Singh Sairam is with the Computer Science and Engineering Department, Indian Institute of Technology Patna, (e-mail: ashok@iitp.ac.in).

[PDF]

Cite: Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam, Senior Member IACSIT, " A Novel Approach to Prevent SQL Injection Attack Using URL Filter ," International Journal of Innovation, Management and Technology vol. 3, no. 5, pp. 499-502 , 2012.