
 Title -

SQL Injection Prevention System.

 Introduction and Objectives of the Project –


SQL injection attacks are widely used by attackers to gain unauthorized access to
systems. This software system is developed to prevent unauthorized access to a system
through SQL injection attacks. This is done by adding a unique value and a signature
based authentication technique to verify authenticity. SQL injection is a major
security issue these days that allows an attacker to gain access to a web system or
application by exploiting certain vulnerabilities. This method exploits various web
application parameters, such as transmitting the traveling form data parameters with
an efficient integration of amino acid codes aligned in it. In other words, this software
project puts forth a method to analyse and detect the malicious code in order to find and
prevent the attack. It uses an alternative algorithm for the signature based scanning
method; this method is based on a different divide and conquer strategy that detects
attacks based on various time/space parameters. This innovative system has proved
successful in preventing various SQL injection attacks based on its efficient attack
detection strategies.

What is SQL Injection?


SQL injection is a type of security exploit in which the attacker adds Structured
Query Language (SQL) code to a Web form input box to gain access to resources or
make changes to data. An SQL query is a request for some action to be performed on
a database. Typically, on a Web form for user authentication, when a user enters their
name and password into the text boxes provided for them, those values are inserted
into a SELECT query. If the values entered are found as expected, the user is allowed
access; if they aren't found, access is denied.
However, most Web forms have no mechanisms in place to block input other than
names and passwords. Unless such precautions are taken, an attacker can use the
input boxes to send their own request to the database, which could allow them to
download the entire database or interact with it in other illicit ways.

Features:
 User Login/Registration: Users can register on the system and get an online
account on the site.

Software Requirements:
 Windows 7 or higher
 HeidiSQL 10.2.0.5599
 Visual Studio Code

Hardware Components:
 Processor – Core i3
 Hard Disk – 160 GB
 Memory – 1 GB RAM
 Monitor

Advantages of the Proposed Project:

 Prevention of SQL Injection.


 This is a critical bug or to test using SQL injection commands.
 Detects malicious code when anyone tries to input using SQL Injection.
 Signature based authentication technique to verify authenticity is used.

1. Relevance of the topic for the benefit of the society


There are no such benefits for society.

2. Analysis: (DFDs at least up to second level, ER
Diagrams/ Class Diagrams/ Database Design etc. as per
the project requirements).

A. 3-tier Architecture of web application

1) User interface tier: This layer forms the front end of the web application.
It interacts with the other layers based on the inputs provided by the user.

2) Business logic tier: The user request and its processing are done here. It
involves the server side programming logic. It forms the intermediate layer
between the user interface tier and the database tier.

3) Database tier: It involves the database server. It is useful in storage and
retrieval of data.

[Figure: User Interface Layer, Business Logic Layer, Database Layer, Database]

Figure 1. Web 3-tier architecture


3. Design: A complete structure which includes: Number of
modules and Purpose of each module to provide an
estimation of the student's effort on the project. Data
Structures as per the project requirements for all the
modules:

[Figure: threats to and mitigations for User Authentication. The User enters a
username and password at the Application Server. The Hacker threatens it with:
brute force authentication, harvesting (guessing) valid user accounts, and
dictionary attacks. Mitigations shown: show a generic error message, lock the
account after n failed login attempts, and validate password minimum length and
complexity.]

4. Testing process to be used.

Just as SQL Injection attempts can be easily detected via logs,
the vulnerability can be just as easy to diagnose before it happens.
Many Web pages vulnerable to SQL Injection can be identified
using vulnerability scanning tools provided by Approved Scanning
Vendors (ASV). A list of ASVs can be found at:
https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php.
These tools can help determine exactly how vulnerable a site is to SQL
injection and can help identify means to prevent a potential
compromise. In addition, free and open-source tools exist that can
be used to regularly check applications for SQL injection
vulnerability.
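
Detection of injection attempts via logs, as mentioned above, shown as an added example that is not the project's own code: a signature-based scan over web server access log lines. The log lines are constructed, and the signature set, the combined-style log layout and the function name `scan` are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures (assumptions for this example, not the project's rules).
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "union-select": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "comment-terminator": re.compile(r"'\s*(--|#)"),
    "stacked-query": re.compile(r";\s*(drop|insert|update|delete)\b", re.I),
}

# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /products.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /products.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8841',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /products.php?id=1+UNION+SELECT+1,2 HTTP/1.1" 500 230',
    '192.0.2.10 - - [12/Mar/2024:10:02:11 +0000] "GET /search.php?q=o%27reilly+books HTTP/1.1" 200 1337',
    '203.0.113.5 - - [12/Mar/2024:10:03:40 +0000] "GET /item.php?id=7%2527%2520--%2520 HTTP/1.1" 404 199',
]

def scan(lines):
    """Return (line_number, client_ip, matched_signature_names) per suspicious line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line this parser understands
        query = match["url"].partition("?")[2]
        # Decode twice so double-encoded input (%2527 -> %27 -> ') is still seen.
        decoded = unquote_plus(unquote_plus(query))
        names = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
        if names:
            hits.append((number, match["ip"], names))
    return hits

if __name__ == "__main__":
    for number, ip, names in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} matched {', '.join(names)}")
```

The fourth line, a search for "o'reilly", contains a quote but matches no signature, which is the kind of benign input a rule set has to leave alone. Signature matching only reports attempts it has a pattern for, so it complements parameterized queries rather than replacing them.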

5. Reports generation (Mention tentative content of report)


6. Tools / Platform, Hardware and Software Requirement
specifications

Platform Requirement : Windows

Supportive Operating Systems :

Windows XP or 7. As Windows supports Java, this OS is
needed for its efficient working.

Software Requirement :

• Operating system : Windows XP or 7.
• Coding : PHP, HTML, CSS
• Web Server : Apache Tomcat 7
• Data Base : MySQL Server

7. Are you doing this project for any Industry/Client?


Mention Yes/No. If Yes, Mention the Name and Address
of the Industry or Client
No.

8. Future scope and further enhancement of the project.

Nowadays developers in the industry don't use PHP; they use
Node.js, so there are low chances in the future.
