Prevention of SQL Injection Attacks using AWS WAF

Author

Mohammed Kareem, St. Cloud State UniversityFollow

Date of Award

5-2018

Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.

Department

Information Assurance and Information Systems

College

Herberger School of Business

First Advisor

Susantha Herath

Second Advisor

Dien D. Phan

Third Advisor

Balasubramanian Kasi

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

SQL Injection WAF AWS EC2 VPC

Abstract

SQL injection is one of several different types of code injection techniques used to attack data driven applications. This is done by the attacker injecting an input in the query not intended by the programmer of the application gaining the access of the database which results in potential reading, modification or deletion of users’ data. The vulnerabilities are due to the lack of input validation which is the most critical part of software security that is often not properly covered in the design phase of the software development lifecycle. This paper presents different techniques and some of the countermeasures for detection and prevention of SQL injection attacks. The proposed procedure in the paper is to use a database firewall between the client (user) side and the database server through AWS to avoid the malicious codes injected by the attackers.

Recommended Citation

Kareem, Mohammed, "Prevention of SQL Injection Attacks using AWS WAF" (2018). Culminating Projects in Information Assurance. 47.
https://repository.stcloudstate.edu/msia_etds/47