A novel method for preventing SQL injection using SHA-1 algorithm and syntax-awareness

Abstract EN

Nowadays the most used applications are the web based applications, for instance long range informal communication, shopping, e-learning, banking and social networking are all an examples of web based applications.

It is commonly known that these Web applications are publicly available for all users around the world.

This leads us to new challenges in securing these applications and exposing them to many Web-based attacks, one of the most common attacks is SQL injection (SQLi) which has a big impact on Web applications back-end databases, SQL injection working principle is by injecting a malicious code in SQL statements that can give hackers unauthorized access to the back-end database.

In this paper, we make an overview of SQLi in addition; we take a look at some of the recent approaches that aims to prevent this type of attack.

Then we propose a novel approach that is based on hashing using the fast and secure SHA- 1 algorithm and syntax-awareness then we make a comparison between our solution and the surveyed solutions, our efficient approach was able to prevent all types of SQLi attacks and it did not fail in any situation.