To search, Click below search items.


All Published Papers Search Service


Bulwark Against SQL Injection Attack? An Unified Approach


Sushila Madan, Supriya Madan


Vol. 10  No. 5  pp. 305-313


Data security has become a topic of primary discussion for security expert. Vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of risks. Code Injection attack, a major concern for web security, occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or when user input is not strongly typed and thereby unexpectedly executed, causing an error due to improper setup or coding such that the system fails to handle or properly respond to exceptional or unexpected data or conditions, which results in a situation wherein user credentials can be captured by injecting exceptional data. In spite of many tools and techniques, attacks on web application especially through SQL Injection Attacks are at a rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action. This paper aims to initiate the threat risk model ADMIRE which is a comprehensive, structured and stepwise approach, which would help to identify and mitigate Code Injections attacks and shield the database lying in the database servers, which may be unauthorizedly accessed for malafide reasons from the web applications.


Security, SQL Injection, Threat modeling, Vulnerability, Web Application