We all know that most dynamic web applications are developed using a three-tier architecture that divides the application into three layers, but among all security threats, the SQL injection attack (SQLIA) is the foremost security threat for any dynamic web application. Using this mechanism, an attacker can bypass the authenticated and secure functionality of a web application and inject a specially crafted SQL query into the application layer to get unauthorized and confidential information from the database server. The main approach of this paper recommends a mechanism that uses a combination of client-side and server-side scripting to prevent SQLIA. A client-side logical unit coded in a client-side scripting language detects most of the special characters that a hacker uses to make a SQLIA. When the filtered user input parameters next go to the web server, they again go through a testing process by a functional unit coded in a server-side scripting language. The remaining possibilities of SQLIA can be stopped here; therefore, a dual testing approach in the application layer can decrease the probability of SQLIA at the development phase of a web application.
Papers by Bilal Ahamad