Title
Implementation a Model for Detection and Prevention of SQL-I Attacks on Web Applications /
Author
Ahmed, Khaled Mohamed Elshazly.
Preparation committee
Researcher / خالد محمد الشاذلي أحمد
Supervisor / عادل ابو المجد سويسي
Supervisor / محمد صالح متولي
Supervisor / ياسر فؤاد رمضان
Examiner / طارق مصطفى محمود
Examiner / عبدالمجيد أمين على
Subject
SQL injection. Web security.
Publication date
2015.
Number of pages
i-xiii, 100 p. :
Language
English
Degree
Doctorate
Specialization
Theoretical computer science
Publisher
Date of approval
1/1/2015
Place of approval
Suez University - Central Library - Mathematics and Computer Science
Index
Only 14 pages are available for public view

from 131

Abstract

The improvements that the Internet has made during the past few years have changed the way people see and use the Internet itself. It is no longer about simple static web pages. Nowadays most activities are carried out through web applications, for example paying bills, online shopping and online booking. The more web applications are used, the more attacks target these systems. Databases are required to store all types of data, but these databases are not safe from attacks by various intruders. The security of such Web applications has come under close scrutiny. Compromise of these applications represents a serious threat to the organizations that have deployed them as well as to the users who trust these systems to store confidential data. Most of the attacks on these databases are SQL Injection attacks. For a successful SQL Injection attack, the intruder appends a SQL query to the original query and can thus steal a large amount of important information from databases. SQLIA does not harm the system the way other attacks do, but its ability to steal important information from databases makes this type of attack a serious security threat. SQL injection attacks have become increasingly frequent and serious. SQL-Injection Attacks are a class of attacks to which many of these systems are highly vulnerable, and there is no known fool-proof defense against such attacks. In Web applications that are vulnerable to SQL-Injection attacks, the attacker embeds commands in user input and they get executed. The attackers directly access the database underlying an application and leak or alter confidential information and execute malicious code. In some cases, attackers even use an SQL Injection vulnerability to take control of and corrupt the system that hosts the Web application. The number of web applications falling prey to these attacks is alarmingly high. Prevention of SQLIAs is a major challenge.
This thesis details an analysis of SQL injection prevention. Structured Query Language Injection Attack (SQLIA) is the attack to which the Internet is most exposed. Through this attack, the attacker can take control of the database and therefore be able to interpolate the data from the database server for the website. Hence, securing such websites against attack via the Internet has become a big challenge. We present different types of SQLIA attack methods and prevention techniques, which were used to aid the design and implementation of our model, TDSproxy. This thesis is separated into two parts. The first highlights methods that should be adopted in order to reduce the risk of an SQL injection attack. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web transactions. The test implementation focuses on Microsoft SQL Server 2012, although the guidelines are applicable to all database management systems, because SQL is a standard used by most databases.