Analysis of SQL Injection Attack Detection and Prevention on MySQL Database Using Input Categorization and Input Verifier

Analysis of SQL Injection Attack Detection and Prevention on MySQL Database Using Input Categorization and Input Verifier

연구 분야: Databases

학회: 2022 IEEE 8th Information Technology International Seminar (ITIS)

Data leakage affects confidentiality and integrity, which can harm various parties. According to OWASP (Open Web Application Security Project) research, SQL injection attacks rank first in the top web application vulnerabilities. Moreover, the website is directly connected. SQL injection attacks are common on MySQL databases because they are generally more popular than other database systems. One of the efforts to detect and prevent SQL injection attacks is to use input categorization techniques and input verifiers based on input. Application development using SDLC Waterfall. The analysis is obtained from the test results using sqlmap and manually. This paper provides an overview of detection and prevention efforts with input categorization approaches and input verifiers based on the type of SQL injection attack. All applications without prevention and detection can be attacked, while applications with prevention and detection cannot be attacked. This paper designs and develops a web application with and without SQL injection attack detection and prevention using input categorization and input verifier. The results obtained, input categorization, and input verification techniques can detect and prevent SQL injection attacks based on their type, including union-based SQL injection, error-based SQL injection, and blind SQL injection. Input categorization and input verifier can be used in addition to the use of an encrypted database.