Component Based Web Application Firewall for Analyzing and Defending SQL Injection Attack Vectors
Prabhat Bisht1, Manmohan Singh Rauthan2, Raj Kishore Bisht3
1Prabhat Bisht*, PhD Scholar, Uttarakhand Technical University, Dehradun, India.
2Dr. Manmohan Singh Rauthan, Computer Science and Engineering, Hemwati Nandan Bahuguna Garhwal University, Srinagar Garhwal, Uttarakhand, India.
3Dr. Raj Kishore Bisht, Bisht Mansion, Prem Vihar, Pilikothi, Haldwani Nainital Uttarakhand, India.
Manuscript received on 01 August 2019. | Revised Manuscript received on 06 August 2019. | Manuscript published on 30 September 2019. | PP: 4183-4190 | Volume-8 Issue-3 September 2019 | Retrieval Number: C4674098319/2019©BEIESP | DOI: 10.35940/ijrte.C4674.098319
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Structured query language injection (SQLi) is rated a top vulnerability by the Open Web Application Security Project (OWASP) community. A web application with a structured query language injection vulnerability in its source code is prone to cyber-attacks on confidentiality, integrity and availability. Attackers exploit structured query language injection vulnerabilities by executing various online attack vectors, and many times successfully bypass authentication and authorization to gain privileged access to the web and database servers, leading to service interruption, data interception, modification, fabrication and sometimes complete deletion of the database. This paper proposes an advance component based web application firewall that enhances web application security by mitigating structured query language injection attack vectors: an analyzer component analyzes hypertext transfer protocol (HTTP) request variables, and a defender component defends against injection attacks based on the content policy installed on the advance web application firewall.
Keywords: Advance Web App Firewall (AWAF), Hypertext Transfer Protocol (HTTP), Open Web Application Security Project (OWASP), Structured Query Language Injection (SQLi)
Scope of the Article: Component-Based Software Engineering