
SQL Injection Attacks and Prevention Mechanism

Author(s):

Vikash Kesharwani, EWING CHRISTIAN COLLEGE; Safa Bint Sami, EWING CHRISTIAN COLLEGE; Lokendra Kumar Tiwari, EWING CHRISTIAN COLLEGE

Keywords:

SQL Injection, OWASP

Abstract

Today is the era of the internet, and each task is performed using a web application, so it is required to provide security to the applications that are vulnerable to this type of attack. According to the Ponemon Institute, SQL Injection is used to: “Attack data-driven applications: in which malicious SQL statements are inserted into an entry field for execution (example: to dump the database contents to the attacker). SQL Injection exploits security vulnerabilities in application software. SQL Injection is most commonly known as an attack vector through public facing websites, but can be used to attack SQL databases in a variety of ways.” SQL Injection attacks were discovered more than 15 years ago by Jeff Forristal and are still successful. Other vulnerable software applications are eventually fixed, but not SQL. The Open Web Application Security Project (OWASP) offers this explanation: “SQL Injection attacks are unfortunately very common, and this is due to two factors: the prevalence of SQL Injection vulnerabilities and the attractiveness of the target (databases containing the interesting/critical data for the application)”. The rest of the paper is structured as follows: Section 1 is the introduction. Section 2 describes SQL Injection and the classification of SQL Injection attacks. Section 3 covers the prevention mechanism. Section 4 presents the evaluation and results of attacks. Section 5 concludes with references and remarks.

Other Details

Paper ID: IJSRDV6I100397
Published in: Volume : 6, Issue : 10
Publication Date: 01/01/2019
Page(s): 675-677
