I. Introduction
As the world becomes more digital, the use of mobile phones, computers, tablets and similar devices is increasing very fast. With the growth of digitalization and the internet, the use of web applications has also increased. Many web applications have a three-tier construction, i.e. a Presentation tier, a CGI tier, and a Database tier. The SQL injection attack is also known as the SQL insertion attack. Due to advances in the internet, most offline services have moved online. These online services use web applications and web services. Most web attacks target the vulnerabilities of web applications. The SQL Injection Attack (SQLIA) does not waste system resources as other attacks do. However, because of its ability to obtain information from, or insert information into, databases, it is a strong threat to servers such as those of military or banking systems. The web application framework uses filtering methods for data entered by the user [1].
With the development of information technology, a massive amount of sensitive information is stored in databases. This information is highly valuable to organizations. Database intrusion attacks can be carried out to steal this valuable and sensitive information. Database intrusion attacks can be broadly categorized into two types, depending on the access point. In the first type, the malicious user is directly given permission to access the database to fetch the data. In the second type, the malicious user indirectly accesses the database to obtain the data. The malicious user can access the database indirectly by altering the SQL statements. Such attacks are known as SQL injection attacks [2].
SQL injection is the most widespread security issue in web applications. Code injection attacks include SQL injection attacks, in which SQL characters are inserted into SQL statements through an untrusted access to change the logic or meaning of the intended query. The threat of SQL injection arises when SQL statements are constructed using external input data.
The attacker can modify the query statements by altering the input data. SQL injection attacks occur because, owing to a lack of development time and training and a lack of experience and knowledge of potential security issues, developers often misuse these methods, which results in SQL injection vulnerabilities (SQLIVs) [3]. As many businesses are conducted over the internet, cyber-security threats increase. One of the most popular cyber-security threats is Structured Query Language injection (SQLi). It is the most common form of vulnerability in web applications. Cyber-security threats also create risk from the accounting perspective. SQLi can also be defined as unauthorized access to data, as well as unauthorized inserts, updates, and deletes of data [4].
Web applications have a front end and a back end. The front end is what is available to clients and employees, i.e. the screen that can be seen on the device. An error can be defined as a deviation of an external state of the system from the correct service state. A fault can be defined as the adjudged or hypothesized cause of an error. A vulnerability can be defined as an internal fault that enables an external fault to harm the system, and an attack can be defined as a malicious external fault. The security of web applications is a major concern. Most web applications have critical bugs or faults that can affect security [5]. Another way of protecting web applications from SQLIA is the use of Intrusion Detection Systems [6]. The prime issue is that a database and the input field do not have the ability to differentiate between a valid input string and a malicious input string [7]. An SQL Injection Attack is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
The vulnerability occurs if the user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or the user input is not strongly typed [8].
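The two conditions named above, unfiltered string literal escape characters and input that is not strongly typed, are shown below as an added example that is not taken from the paper or its references. It assumes Python's standard sqlite3 module; the accounts table, its rows, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not from the paper)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])
    return db

# Case 1: string literal escape characters are not handled.
def owner_lookup_concat(db, owner):
    # A quote inside `owner` closes the literal early; the rest is parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def owner_lookup_bound(db, owner):
    # The placeholder keeps `owner` a single value, whatever characters it holds.
    return db.execute("SELECT owner, balance FROM accounts WHERE owner = ?",
                      (owner,)).fetchall()

# Case 2: input expected to be a number is not strongly typed.
def id_lookup_concat(db, account_id):
    # No quote is needed here: any text after the number is parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE id = " + account_id
    return db.execute(sql).fetchall()

def id_lookup_typed(db, account_id):
    # int() raises ValueError unless the whole input is an integer.
    return db.execute("SELECT owner, balance FROM accounts WHERE id = ?",
                      (int(account_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = "x' OR '1'='1"   # constructed input containing a quote character
    untyped = "2 OR 1=1"      # constructed input that is not a plain integer
    print(owner_lookup_concat(db, quoted))   # query logic changed: every row
    print(owner_lookup_bound(db, quoted))    # treated as a name: no match
    print(id_lookup_concat(db, untyped))     # query logic changed: every row
    try:
        id_lookup_typed(db, untyped)
    except ValueError as exc:
        print("rejected:", exc)
```

In both concatenated versions the database receives one string and cannot tell which part was the developer's query and which part was input, which is the issue attributed to [7] above; the bound and typed versions pass the value separately from the statement.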