TY - JOUR
ID -
TI - Encoding Query Based Lightweight Algorithm for Preventing SQL injection attack
AU - Hayder A. A. Al-Kashoash
AU - Mohammed Abdulridha Hussain
AU - Alaa Khudhair Shwaish
PY - 2020
VL - 46
IS - 1
SP - 1
EP - 11
JO - Journal of Basrah Researches (Sciences) مجلة ابحاث البصرة ( العلميات)
SN - 18172695 2411524X
AB - SQL injection attacks are still a common issue in web applications. Although different techniques have been proposed to prevent SQL injection attacks, they still have a high impact on web applications, especially those associated with large and sensitive databases. In this attack, an attacker can inject malicious code into the data entry field of the input form and bypass authentication, then access, modify and delete data within the database. In this paper, a lightweight algorithm based on encoding of the query, named EQA, is introduced, considering HTTP traffic parameters, e.g. request and response time and message length. EQA hides the SQL relationship with the database and prevents some common types of SQL injection (Tautology, Piggybacked and Comment). EQA is implemented and tested using a MySQL and PHP environment and the Wireshark platform. The results demonstrate that the proposal has good performance in terms of security level and of reducing HTTP request and response time and message length.

ER -