Preventing SQLIA using ORM Tool with HQL

Siddhesh Bhagat; R. R Sedamkar; Prachi Janrao

Call for Paper

January Edition

IJAIS solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 16 December 2024

Submit your paper

Know more

The week's pick

Ordered Frequent Itemsets Matrix Based On Fp-Tree Structure And Apriori Algorithm

Abdulkader M. Al-Badani Abdualmajed A. Al-Khulaidi

Random Articles

Object Identification for Pure Object Oriented Cross Languages Software Development

June

2015

A Lookup XOR Cryptography for High Capacity Least Significant Bit Steganography

March

2016

A Comparative Study to Detect Emotions from Tweets Analyzing Machine Learning and Deep Learning Techniques

June

2020

Challenges Faced by Organizations in Implementing Telemedicine in Developing Countries: A Literature Review

Nov

2016

Reseach Article

Preventing SQLIA using ORM Tool with HQL

by Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao

International Journal of Applied Information Systems

Foundation of Computer Science (FCS), NY, USA

Volume 11 - Number 4

Year of Publication: 2016

Authors: Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao

10.5120/ijais2016451600

Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao . Preventing SQLIA using ORM Tool with HQL. International Journal of Applied Information Systems. 11, 4 ( Sep 2016), 44-47. DOI=10.5120/ijais2016451600

@article{ 10.5120/ijais2016451600,

author = { Siddhesh Bhagat, R. R Sedamkar, Prachi Janrao },

title = { Preventing SQLIA using ORM Tool with HQL },

journal = { International Journal of Applied Information Systems },

issue_date = { Sep 2016 },

volume = { 11 },

number = { 4 },

month = { Sep },

year = { 2016 },

issn = { 2249-0868 },

pages = { 44-47 },

numpages = {9},

url = { https://www.ijais.org/archives/volume11/number4/938-2016451600/ },

doi = { 10.5120/ijais2016451600 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2023-07-05T19:04:08.401736+05:30

%A Siddhesh Bhagat

%A R. R Sedamkar

%A Prachi Janrao

%T Preventing SQLIA using ORM Tool with HQL

%J International Journal of Applied Information Systems

%@ 2249-0868

%V 11

%N 4

%P 44-47

%D 2016

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Web based systems nowadays follow 3-tier architecture for implementation of enterprise application. But these applications are more prone to security breach and loss of confidential information stored in database. One of the more serious attacks is known as Structured Query Language Injection (SQLI). This attack retrieves data without leaving any trace behind. This paper proposes an efficient solution called Object Relational Mapping technique for such kind of attack in a novel way. ORM maps the table architecture with corresponding Objects and uses those objects to retrieve data instead of getting data directly from database . Therefore it creates a indirect barrier from firing SQL query preventing direct access to database. In addition ORM Methodology satisfies desired criteria of loose coupling while coding.

References

Nuno Antunes and Marco Vieira. Detecting SQL Injection vulnerabilities in web services. IEEE,2009.
Kai-Xiang Zhang, Chia-Jun Lin Engineering, Shih-Jen Chen, Inst Yanling, Hao-Lun Huang, Fu-Hau Hsu Computer Science & Info. Engineering TransSQL:"A Translation and Validation-based Solution for SQL-Injection Attacks";, 2011 First International Conference on Robot, Vision and Signal Processing
Mehdi Kiani, Andrew Clark and George Mohay,"Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks", The Third International Conference on Availability, Reliability and Security
NTAGWA BIRA Lambert,KANG Song Lin,"Use of Query Tokenization to detect and prevent SQL Injection Attacks";,IEEE2010.
William G. J. Halfond, Alessandro Orso, Member, IEEE Computer Society, and Panagiotis Manolios,"WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation", Member, IEEE Computer Society IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 34, NO. 1, JANUARY/FEBRUARY 2008.
Ke Wei, M. Muthuprasanna, Suraj Kothari,"Preventing SQL Injection Attacks in Stored Procedures", Proceedings of the 2006 Australian Software Engineering Conference (ASWEC:06) 1530-0803© 2006 IEEE.
C. Anley. Advanced SQL Injection In SQL Server Applications. White paper, Next Generation Security Software Ltd. , 2002.
W. Halfond and A. Orso, "Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks," Proceeding of the Third International ICSE Workshop on Dynamic Analysis (WODA 2005), 2005.
J Saltzer and M. Schroeder, "The Protection of Information in Computer Systems," Proc. Fourth ACM Symp. Operating System Principles, Oct. 1973.
Ramya Dharam and Sajjan G. Shiva,"Runtime Monitors for Tautology based SQL Injection Attacks",ICS 2002.
Y. Xie and A. Aiken, "Static Detection of Security Vulnerabilities in Scripting Languages," Proc. 15th Usenix Security Symp. , Aug. 2006.
C. Anley, "Advanced SQL Injection In SQL Server Applications," white paper, Next Generation Security Software, 2002.
J. C. Anderson & D. W. Gerbing. "Structural equation modeling in practice: A review and recommended two-step approach". Psychological Bulletin, vol. 103, no. 3, pp. 411-423. 1988.

Index Terms

Computer Science

Information Sciences

Keywords

T-SQL ORM LDAP SQLIA FCD SSC HQL MIS CBS