Authors :
M.TharunKumar; K.Nandhakumar; G.Lokesh; S.Ramya
Volume/Issue :
Volume 9 - 2024, Issue 12 - December
Google Scholar :
https://tinyurl.com/ywynpe52
Scribd :
https://tinyurl.com/s6p86nra
DOI :
https://doi.org/10.5281/zenodo.14506704
Abstract :
SQL injection (SQLi) remains one of the most pervasive and dangerous vulnerabilities in web application security. It allows an attacker to read or manipulate a database by supplying input that the application concatenates into an SQL statement without sanitization or parameterization, so that the attacker's text is executed as part of the query. This study investigates the evolution and impact of SQLi attacks in India from 2000 to the present, focusing on high-profile incidents such as the 2016 Zomato breach, the 2020 BigBasket attack, and the 2023 AIIMS Delhi cyberattack. These breaches exposed millions of sensitive records and highlighted weaknesses in database management and web application design. We analyze the methodologies used in these attacks, the security lapses they exploited, and the systemic issues that allowed them to succeed. In response, organizations have adopted prevention mechanisms including parameterized queries, web application firewalls (WAFs), and encryption of sensitive data, together with detection controls such as anomaly detection and real-time monitoring. Post-incident measures such as forensic investigation, incident response, and collaboration with cybersecurity agencies have also been integral to containing the impact of SQLi. The paper assesses the effectiveness of these prevention and detection techniques and presents recommendations for strengthening SQLi defenses against ongoing threats. Given the evolving nature of SQLi attacks, the paper concludes by emphasizing the need for continuous vigilance, regular security audits, and the integration of emerging security technologies to protect against future SQLi vulnerabilities.
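The contrast the abstract draws, between input concatenated into a query and the parameterized query it recommends as the primary prevention, shown as an added example. This is not code from the paper or from any of the organizations it discusses; the `users` table, its two rows, and the two login functions are assumptions constructed for the illustration and run against an in-memory SQLite database so it works offline.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database (assumption: a users table
    with plaintext passwords, kept simple so the injection is visible;
    a real application stores salted password hashes, never plaintext)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text,
    so quote characters and comment markers in the input become syntax."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: the statement text is fixed and the values travel
    separately as bind parameters, so they can only ever be compared as data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def run_demo():
    """Run the same three credential pairs through both functions.
    Two of the pairs are classic SQLi payloads: a tautology appended to the
    password, and a comment marker that truncates the password check."""
    conn = make_db()
    attempts = [
        ("alice", "correct horse"),     # legitimate credentials
        ("alice", "' OR '1'='1"),       # tautology: WHERE ... AND password = '' OR '1'='1'
        ("alice'--", "wrong"),          # comment: WHERE username = 'alice'-- ... (rest ignored)
    ]
    return {
        "vulnerable": [login_vulnerable(conn, u, p) for u, p in attempts],
        "parameterized": [login_parameterized(conn, u, p) for u, p in attempts],
    }


if __name__ == "__main__":
    for name, results in run_demo().items():
        print(name, results)
```

The vulnerable function accepts all three attempts because the payloads rewrite the query's logic; the parameterized version accepts only the genuine credentials, because the same payloads are compared as literal strings. Input filtering or a WAF can narrow the set of payloads that reach the query, but only the parameterized form removes the root cause.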