Bahjat Arif, Sarajaldeen Akram and Wani, Sharyar (2025) The theoretical foundations and literature analysis a hybrid detection technique against malicious SQL attacks on web applications. Journal of Information Systems Engineering and Management, 10 (35s). pp. 1093-1100. E-ISSN 2468-4376
This is the latest version of this item.
Abstract
Today, most web applications are vulnerable to SQL-injection attacks. Malicious inputs by unauthorized attackers can cause the deletion, modification, or retrieval of confidential data from remote databases, creating huge financial losses and affecting the operations of commercial vendors and financial companies. Accordingly, the aim of this study is to identify the latest SQL injection attacks based on user inputs in web applications associated with remote server databases and to develop a new method based on dynamic detection techniques to prevent SQL injection attacks. The methodology is based on JavaScript and PHP languages for developing a new technique called DetectCombined, capable of filtering queries using parameterized queries to protect against SQL injection, which is a safe method. It is a code with double shield protection that prevents unauthorized extraction or damage to the remote database on the server side due to malicious SQL injection. The proposed DetectCombined is an innovative technique that executes a protection code based on a sequence of three stages: filtration-validation-history. This technique produces a robust protection code that distinguishes between safe SQL commands and malicious ones and reinforces the memory of the detection procedure by saving previous SQL attacks in special tables in the remote database, regardless of the types of users, whether general users or admins. This can increase SQL injection protection while also allowing for large amounts of user data to be entered. Filtering queries with parameters: Using parameterized queries to protect against SQL injection is a safe method.
Item Type: | Article (Journal) |
---|---|
Uncontrolled Keywords: | SQL Injection, Malicious Attacks, Detect Combined |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Kulliyyahs/Centres/Divisions/Institutes: | Kulliyyah of Information and Communication Technology > Department of Computer Science |
Depositing User: | Dr. Sharyar Wani |
Date Deposited: | 02 May 2025 16:29 |
Last Modified: | 02 May 2025 16:29 |
URI: | http://irep.iium.edu.my/id/eprint/120774 |
Available Versions of this Item
- The theoretical foundations and literature analysis a hybrid detection technique against malicious SQL attacks on web applications. (deposited 02 May 2025 16:29) [Currently Displayed]