Defending Web Applications from SQL Injection Attacks using Reliable and Economic Web Application Firewall
Keywords: SQL Injection, firewall, SSL, SQLIA
Abstract
Today most of us depend on the Internet for day-to-day activities such as financial transactions and educational endeavors. As this dependency grows, we face a growing number of attacks targeted at web applications. The SQL Injection Attack is one of the top 10 web application security attacks. More than 30,000 websites have been attacked this year using this attack. In this type of attack, the attacker injects SQL commands at the entry points of a web application to access the database. The SQL database contains valuable information such as usernames, passwords, email IDs, credit card details, banking transactions and personal information. This information is attractive to hackers, who use malicious SQL queries as input to perform unauthorized operations. Thus an attacker can retrieve and modify confidential and sensitive information in the database. In this paper, we have developed a technique which implements a Reliable and Economical Web Application Firewall (REWAF) to prevent all types of SQL Injection Attacks. Every website is different, so the protection should be tailored to each one. REWAF provides a state-of-the-art security solution for the recommended website. REWAF will allow valid SQL queries and block illegal or hacked queries using a dynamic firewall policy.