In the 21st century, dependency on the Internet for daily activities has risen significantly. Web applications such as online banking, web-based email, social networking, and many other services have become an instant means of communication. These web applications and the data to which they have access are often targeted by malicious attacks, including SQL (Structured Query Language) Injection Attacks (hereafter SQLIAs), which may cause serious damage. In particular, attackers use SQLIAs to target interactive web applications that incorporate database services. In a SQLIA, an attacker can insert malicious SQL code as input to perform unauthorized database operations, which could potentially jeopardize the privacy, integrity and security of the users.
This thesis proposes an unconventional hardware-based approach for solving SQL vulnerabilities and thwarting SQLIAs. Specifically, we approach the problem of SQL injection by using an FPGA to search for action-based binding keywords, which join multiple queries. These keywords form an integral part of any attack query. We search for these keywords in a user’s input space and replace them with a null string. By doing so, the binding query is nullified, and the attacking query is rendered harmless.
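A software model of the search-and-replace step described above, added here as an illustration; it is not code from the thesis, which implements the search on an FPGA. The keyword list, table names and sample inputs are assumptions, since the abstract does not enumerate them.

```python
import re
import sqlite3

# Assumed keyword list; the abstract does not say which keywords the thesis uses.
BINDING_KEYWORDS = ("UNION", ";", "--")
_PATTERN = re.compile("|".join(re.escape(k) for k in BINDING_KEYWORDS), re.IGNORECASE)

# Constructed sample input that tries to bind a second query to the first.
SAMPLE_ATTACK = "x' UNION SELECT secret FROM users --"

def strip_binding_keywords(user_input):
    """Replace each binding keyword with the empty string, repeating until the
    text is stable, because one deletion can splice the characters on either
    side of it into a fresh keyword."""
    previous = None
    while previous != user_input:
        previous = user_input
        user_input = _PATTERN.sub("", user_input)
    return user_input

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE products(name TEXT); INSERT INTO products VALUES('widget');"
        "CREATE TABLE users(secret TEXT); INSERT INTO users VALUES('s3cret');"
    )
    return conn

def lookup(conn, name, filtered=True):
    """String-built query standing in for the application the filter protects.
    With filtered=False the input reaches the query untouched."""
    if filtered:
        name = strip_binding_keywords(name)
    sql = "SELECT name FROM products WHERE name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        # With the binding keyword gone the statement no longer parses.
        return []

if __name__ == "__main__":
    db = make_db()
    print("benign    :", lookup(db, "widget"))
    print("unfiltered:", lookup(db, SAMPLE_ATTACK, filtered=False))
    print("filtered  :", lookup(db, SAMPLE_ATTACK))
    print("side effect on benign text:", strip_binding_keywords("Reunion"))
```

The last line shows the cost of this model: benign input that happens to contain a listed keyword is altered as well, which any deployment of such a filter has to account for.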
Electrical and Computer Engineering
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Shah, Nisharg, "Securing Database Users from the Threat of SQL Injection Attacks" (2017). Electrical Engineering Theses and Dissertations. 1.