Sql Injection

Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. In this paper, we propose an automated method for removing SQL injection vulnerabilities from Java code by converting plain text SQL statements into prepared statements. Prepared statements restrict the way that input can affect the ...

Web applications have become an integral part of the daily life. One of the most serious types of attack against web applications is SQL injection. SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. This paper proposes a simple and efficient framework to detect SQL injection attacks. The method converts the runtime query into sequence of tokens and then compares it with the predetermined queries. In order to reduce runtime validation, the possible queries at the query execution points are separately stored during static analysis. This method uses combined static and dynamic analysis.

SQL Injection attacks on web applications have become one of the most important information security concerns over the past few years. This paper presents a hybrid approach based on the Adaptive Intelligent Intrusion Detector Agent (AIIDA-SQL) for the detection of those attacks. The

Today almost all organizations have improved their performance through allowing more information exchange within their organization as well as between their distributers, suppliers, and customers using web support. Databases are central to the modern websites as they provide necessary data as well as stores critical information such as user credentials, financial and payment information, company statistics etc. These websites have

Today, the spread of the use of the Internet has led to the growth of explosive web design. Millions of users worldwide perform many of their important and vital activities through these websites and in the world of the Internet. This has turned the world of the Internet into a vast repository of information, information that is often important and vital, and whose security and proper protection are of paramount importance. The importance of protecting the information of Internet users requires the secure design of websites. To do this, web designers need to be familiar with the types of attacks and tricks that threaten data security and to consider the security points needed in their designs to prevent them. The SQL Injection attack is one of the most common types of attacks that threaten the security of data stored in a database connected to a website. SQL Injection Attacks. It manipulates and changes to achieve a different goal than the original goal. This type of attack can perform various operations from data recovery to removal from the relevant database. In this project, an attempt has been made to get acquainted with this type of attack and also to examine some ways of securing against this type of attack. For this purpose, to better understand the issue, examples have been used to implement the desired examples of ASP.NET 2.0 programming facilities as well as SQL Server database management software.

As the Internet users increase, the need to protect web servers from malicious users has become a priority in many organizations and companies. Writing crosscutting functions in complex software should take advantage of the modularity offered by new software development approaches. With AspectOriented Programming (AOP), separating concerns when designing an application fosters reuse, parameterization and maintenance. In this paper, we design a security aspect called AProSec for detecting SQL injection and Cross Scripting Site (XSS), that are common attacks in web servers. We experimented this aspect with AspectJ language and JBoss AOP. By this experimentation, we show the advantage of runtime platforms such as JBoss AOP for changing security policies at runtime. Finally, we describe related work on security and AOP.

SOQL Reference eBook for the System Administrators in a hurry.

A SOQL query is the equivalent of a SELECT SQL statement and searches the org database. SOSL is a programmatic way of performing a text-based search against the search index. Whether you use SOQL or SOSL depends on whether you know which objects or fields you want to search, plus other considerations.

Web application brings us convenience but also has some potential security problems. SQL injection attacks topped the list of Top 10 Network Security Problems released by OWASP, and the detection technology of SQL injection attacks has been one of the hotspots of network security research. In this paper, we propose a SQL injection detection method that does not rely on background rule base by using a natural language processing model and deep learning framework on the basis of comprehensive domestic and international research. The method can improve the accuracy and reduce the false alarm rate while allowing the machine to automatically learn the language model features of SQL injection attacks, greatly reducing human intervention and providing some defense against 0day attacks that never occur.

Web Services are the newest mechanism of communication among applications. Web Services are independent of both hardware and software infrastructure, they are very flexible and scalable. Lack of security features provided by the web services creates a window of opportunity for attackers. Web Services are offered on Http with Simple Object Access Protocol (SOAP) as an underlying infrastructure. Both SOAP and Web Services relies heavily on XML, hence, Web Services are most vulnerable to attacks using XML as an attack  parameter. Several attacks use XML and most of them lies in the category of XML injection.XML based attacks discussed in this study covered a variety of attacks for example Denial of Services and Data Theft, escalation of privileges etc. Among these attacks the injections attacks on the web services are more severe and being given special attention. This study is aimed at providing an insight of the various forms of XML injections such as XPath injection, Coercive Parsing, and oversize payload

Abstract-- When an internet user interacts in web environment by surfing the Net, sending electronic mail messages and participating in online forums lot of data is generated which may have user’s private information. If this information is captured by third party tools and techniques; it may cause a breach in end user privacy. In the Web environment, end user privacy is one of the most controversial legal issues. In this paper issues related to information leakage through SQL injection attacks are presented and protection mechanisms are also discussed.

Out-of-Band (OOB) Structured Query Language (SQL) Injection is an exploitation to exfiltrate data from database through different outbound channel. Common channel use by OOB SQL Injection for data exfiltration are through Domain Name Server (DNS) and HyperText Transfer Protocol (HTTP) channels. This type of SQL injection should address properly due to the impact is on the par with traditional methods. OOB SQL Injection impacts on database systems with insufficient of input validation control in place and allowed access to public, either DNS or HTTP protocol. Test cases and recommendation for remediation have been discussed in this paper in order to raise awareness of the exploitation.

Cyber-crimes are growing rapidly and to prevent these crimes one should share all the knowledge he/she has to make people aware of these attacks. In the field of Application Security there is a very well-known vulnerability-SQL INJECTION‖. In this paper, we have focused on what are the type of SQL Injection attacks and where it can be found in any application.

Web services work over dynamic connections among distributed systems. This technology was specifically designed to easily pass SOAP message through firewalls using open ports. These benefits involve a number of security challenges, such as Injection Attacks, phishing, Denial-of-Services (DoS) attacks, and so on. The difficulty to detect vulnerabilities ─before they are exploited─ encourages developers to use security testing like penetration testing to reduce the potential attacks. Given a blackbox approach, this research use the penetration testing to emulate a series of attacks, such as Cross-site Scripting (XSS), Fuzzing Scan, Invalid Types, Malformed XML, SQL Injection, XPath Injection and XML Bomb. In this way, was used the soapUI vulnerability scanner in order to emulate these attacks and insert malicious scripts in the requests of the web services tested. Furthermore, was developed a set of rules to analyze the responses in order to reduce false positives and negatives. The results suggest that 97.1% of web services have at least one vulnerability of these attacks. We also determined a ranking of these attacks against web services.

Web applications are a fundamental pillar of today's globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable assets and disrupt business. Many studies and reports on web application security problems analyze the victim's perspective by detailing the vulnerabilities publicly disclosed. In this paper we present a field study on the attacker's perspective by looking at over 300 real exploits used by hackers to attack web applications. Results show that SQL injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather than complicated attack techniques. Exploit and vulnerability data are also correlated to show that, although there are many types of vulnerabilities out there, only few are interesting enough for attackers to obtain what they want the most: root shell access and admin passwords.

Web applications are typically developed with hard time constraints and are often deployed with security vulnerabilities. Automatic web vulnerability scanners can help to locate these vulnerabilities and are popular tools among developers of web applications. Their purpose is to stress the application from the attacker's point of view by issuing a huge amount of interaction within it. Two of the most widely spread and dangerous vulnerabilities in web applications are SQL injection and Cross Site Scripting (XSS), because of the damage they may cause to the victim business. Trusting the results of web vulnerability scanning tools is of utmost importance. Without a clear idea on the coverage and false positive rate of these tools, it is difficult to judge the relevance of the results they provide. Furthermore, it is difficult, if not impossible, to compare key figures of merit of web vulnerability scanners. In this paper we propose a method to evaluate and benchmark automatic web vulnerability scanners using software fault injection techniques. The most common types of software faults are injected in the web application code which is then checked by the scanners. The results are compared by analyzing coverage of vulnerability detection and false positives. Three leading commercial scanning tools are evaluated and the results show that in general the coverage is low and the percentage of false positives is very high.

Internet crime is a general term that includes crimes
such as phishing, credit card frauds, bank robbery, illegal
downloading, industrial espionage, child pornography,
kidnapping children via chat rooms, scams, cyber terrorism,
creation and/or distribution of viruses, Spam and so on has been
done through injection attacks. All such crimes are computer
related and facilitated crimes. The different types of Internet crime
vary in their design and easy ability to be committed. Internet
crimes can be separated into two different categories. Blackmail
is an illegal act that has been given as a long-established new
weave in the new era. These may threaten to discharge
discomforting or other damaging information through the private
network or a Internet if the victim does not fulfill with the burden
of the criminal. A cybercrime which may go by means of having
the victim who move resources to an undetectable bank account
using such type of online imbursement program, by making full
use of new technology which is used to induce to commit the
crime, Blackmail Hackers hack Official government websites,
Online credit card scam, Work on cyber crime operations and
they make money. Using code injection techniques of various
levels shell and remote code injection has been familiarized and to
put a stop for these type of attack by preventing its code
vulnerability by dynamic evaluation of different algorithms and its
comparative analysis was performed.

Vulnerabilities in applications and their widespread exploitation through successful attacks are common these days. Testing applications for preventing vulnerabilities is an important step to address this issue. In recent years, a number of security testing approaches have been proposed. However, there is no comparative study of these work that might help security practitioners select an appropriate approach for their needs. Moreover, there is no comparison with respect to automation capabilities of these approaches. In this work, we identify seven criteria to analyze program security testing work. These are vulnerability coverage, source of test cases, test generation method, level of testing, granularity of test cases, testing automation, and target applications. We compare and contrast prominent security testing approaches available in the literature based on these criteria. In particular, we focus on work that address four most common but dangerous vulnerabilities namely buffer overflow, SQL injection, format string bug, and cross site scripting. Moreover, we investigate automation features available in these work across a security testing process. We believe that our findings will provide practical information for security practitioners in choosing the most appropriate tools.

SQL injection is one of the top threats to any web application which interacts with a database system. It is also one of the highly dangerous threats because it is easy to generate, difficult to design a defense mechanism and the data vulnerable to this type of attack is highly sensitive such as passwords, credit card details, etc. Injection attack is a method that can inject any kind of malicious string or anomaly string on the original string. The proposed algorithm shows that everything is well against the SQL Injection Attack. The Proposed a detection and prevention technique for data using Aho-Corasick pattern matching algorithm. This algorithm is classic algorithm. The results show that model protects against 100% of tested attacks before reaching the database layer.

The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident.

The presence of security flaws allows deceitful operators to exploit web application weaknesses. The researcher brings a novel vulnerability assessment technique in this study that can enhance exposure detection rates while also improving efficiency by lowering the number of test results that reports the presence of a condition wrongly and tests result that implies the absence of a condition when it is actually present. The purpose of the experiment is on a cutting-edge tool that uses a hybrid method that combines white-box and black-box testing practices. The amalgamation in building the hybrid algorithm is not done blindly as it is based on extraordinary aspects like optimization and complexity amid others to make bigger effectivity. The algorithm viably identifies SQL injections, XSS injection and can be utilized in any genuine application that run on a web server, wherever the client and the database interrelates. Crawling and parsing to discover vulnerabilities are part of the ...

Web applications are typically developed with hard time constraints and are often deployed with security vulnerabilities. Automatic web vulnerability scanners can help to locate these vulnerabilities and are popular tools among developers of web applications. Their purpose is to stress the application from the attacker's point of view by issuing a huge amount of interaction within it. Two of the most widely spread and dangerous vulnerabilities in web applications are SQL injection and Cross Site Scripting (XSS), because of the damage they may cause to the victim business. Trusting the results of web vulnerability scanning tools is of utmost importance. Without a clear idea on the coverage and false positive rate of these tools, it is difficult to judge the relevance of the results they provide. Furthermore, it is difficult, if not impossible, to compare key figures of merit of web vulnerability scanners. In this paper we propose a method to evaluate and benchmark automatic web vulnerability scanners using software fault injection techniques. The most common types of software faults are injected in the web application code which is then checked by the scanners. The results are compared by analyzing coverage of vulnerability detection and false positives. Three leading commercial scanning tools are evaluated and the results show that in general the coverage is low and the percentage of false positives is very high.

This report proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalable and precise points-to analysis.

SQL Injection Attack (SQLIA) is a generic and
critical security issue towards to the web application and
database security. In general, poorly validated and verified
web applications are highly prone and vulnerable by the
attackers. Due to the creative and dynamic SQLIA methods
and techniques, users can save their valuable, integral and
confidential data in the web site to save their market stability
towards their self as well as social enrichment. Many
cryptographic researchers, Analyst and security personnel’s
used many subsets and plethora of tools and techniques, even
though SQL injection attack is one of the vulnerability
techniques in the critical web applications, like Banking
domain, Insurance domain, transportation domain and
trading domain, etc.
Many tools and techniques are addressed to the references
regarding the SQL Injection issues, but we are present and
used pattern matching techniques in SQL statements to
predict and detect the SQLIA in web application. At the
outset pattern matching algorithm is used and get better
solution towards on detection and prevention of SQLIA.
Keywords: SQLIA, SQL queries, web application, DBMS.

Advance Praise " Todd's methods of discussing topics are tactfully approached so they are not confusing to the reader, and his explanations are clear and easy to understand. " —Amazon Reader Review " I passed my CCNA on the first try after reading this book thoroughly. …If you read the book and do all the review questions and written labs at the end of each chapter, you will be well prepared for the exam. " —Amazon Reader Review " This is a great book! Todd Lammle has the ability to make complex topics simple. Cisco books are essential once you've mastered networking basics, but there is nothing like Sybex for learning the concepts from A to Z. " —Amazon Reader Review " Todd has been an authority in this field for as long as I can remember. His style of writing keeps the book from becoming a sleep aid and provides nuts and bolts information that is both excellent real-world reference and directly relevant to exam objectives. If you are considering taking the CCNA exam, you would be ill advised to not give this book a thorough read. " —Amazon Reader Review " This is the first book review I have ever written on Amazon. I've been in the computer/net-work support field for many years, but had almost no contact with Cisco equipment. I basically knew the 'enable' and 'config' Cisco commands. I had originally planned on shelling out the $3000 to take a CCNA boot camp, but decided that that was way too much money. So I bought this book instead … took a week off from work (which I would have done anyway for the class), and went at it ... My homegrown boot camp paid off because I passed the exam on the first try, saving almost $2900! " —Amazon Reader Review " This is the best technical book I have ever read!! " —Amazon Reader Review " This book is excellent resource for preparation for CCNA certification. It has needed information regarding the Cisco's objective. Sample test and Bonus Test give extra knowledge for exam's question. Users have more knowledge and practice of test exams. I will recommend this book for anyone who does not have any knowledge of CCNA material. " —Amazon Reader Review

Web-based applications have been hit by multiple attacks over the years. At the start of injection like SQL Injection. Over time, hackers rarely use this technique, because it takes a long time to look for loopholes in the web that will be attacked. Even so, this technique can still be relied on until hackers call the SQL Injection technique the words Old But Gold. Because this technique is powerful enough to use, cyber security security security with a web application firewall (WAF). By using a web firewall application (WAF), SQL Injection techniques can be overcome. In this report, the author will tell you who WAF works in dealing with SQL Injection and how to use SQL Injection. Aplikasi berbasis web telah terkena banyak serangan selama bertahun-tahun. Pada awal injeksi serangan seperti SQL Injection. Seiring berjalannya waktu, para hacker sudah jarang menggunakan teknik tersebut, karena memakan waktu yang cukup lama untuk mencari celah terhadap sebuah web ayang akan di serang. Meskipun begitu, teknik ini masih dapat di andalkan hingga para hacker menyebut teknik SQL Injection dengan kata-kata Old But Gold. Karena teknik ini cukup ampuh untuk di gunaka, para security cyber memperkuat keamanan dengan web application firewall (WAF). Dengan menggunakan web application firewall (WAF) , teknik SQL Injection bisa di atasi. Dalam penulisan ini, penulis akan memberitahu bagai mana cara kerja WAF dalam menghadapi SQL Injection dan bagai mana cara menggunakan SQL Injection. Kata kunci: penelitian, panduan, ilmu komputer, universitas mercu buana

Web Services are the newest mechanism of communication among applications. Web Services are independent of both hardware and software infrastructure, they are very flexible and scalable. Lack of security features provided by the web services creates a window of opportunity for attackers. Web Services are offered on Http with Simple Object Access Protocol (SOAP) as an underlying infrastructure. Both SOAP and Web Services relies heavily on XML, hence, Web Services are most vulnerable to attacks using XML as an attack parameter. Several attacks use XML and most of them lies in the category of XML injection.XML based attacks discussed in this study covered a variety of attacks for example Denial of Services and Data Theft, escalation of privileges etc. Among these attacks the injections attacks on the web services are more severe and being given special attention. This study is aimed at providing an insight of the various forms of XML injections such as XPath injection, Coercive Parsing, and oversize payload.

Web servers which provide customer services are usually connected to highly sensitive information contained backend databases. The incrementing bar of deploying such web applications initiated in ranging the corresponding bar of number of attacks that target such applications. SQL Injection Attacks come about when data provided by external user are directly included in SQL query but is not properly validated. The paper proposes a novel detection & a prevention mechanism of SQL Injection Attacks using three-tier system. As the methodology is concerned over static, dynamic & runtime detection and prevention mechanism which also filters out the malicious queries and inspires the system to be well prepared for the secure working environment, regardless of being concerned over the database server only. The cloud proposes the services like SaaS, IaaS, PaaS, DaaS, EaaS. As previous solutions are achieved for the database queries for DaaS service only, but this paper enhances the scope of other services as well. It adapts to maintain security of the whole system even when it is for any of the cloud platforms. The solution includes detection & filtration that reduces attacks to 80% in comparison to other algorithms.

Puji Syukur penulis panjatkan atas karunia nikmat yang telah diberikan oleh Tuhan Yang Maha Esa. Karena berkat rahmat-Nya penulis dapat menyelesaikan tugas dan tanggung jawab yang diberikan Dosen Pembimbing mata kuliah Keamanan Sistem dengan baik. Makalah yang berjudul "SQl Injection" ini disusun berdasarkan rangkuman dari beberapa sumber informasi dari media elektronik, dengan bahasa dan penjelasan yang sederhana dan sistematis. Harapan penulis, makalah ini dapat menjadi salah satu media yang menarik untuk dibaca dan mudah dipahami oleh seluruh pembaca.Penulis menyadari masih banyak sekali kekurangan yang ada pada makalah yang telah dibuat kali ini. Oleh karena itu penulis bisa menerima kritik dan saran yang bersifat membangun sehingga penulis dapat membuat karya yang lebih baik dari sebelumnya di kemudian hari. Terima kasih penulis haturkan kepada semua sumber yang tidak dapat disebutkan satu -persatu dimana yang telah memberi pencerahan dan pelajaran sehingga makalah ini dapat diselesaikan. Surakarta, Oktober 2018 Penulis A. Latar Belakang BAB I PENDAHULUAN

Abstract-Web application security is the hottest issue in the present scenario of e-business environment. Web application attacks can play havoc with the system within no time. More than 80% attacks are at application layer and almost 90% applications are vulnerable to these ...

From this command we would get the columns "id,accountno,name,balance": https://seclva.ifs.tuwien.ac.at/sqli/sql_level2.php?accountno=1 UNION SELECT 1,group_concat(column_name),3,4 from information_schema.columns where table_name="accounts"-output from command: AccountNo: id,accountno,name,balance Name: 3 Balance:

Database driven web application are threaten by SQL Injection Attacks (SQLIAs) because this type of attack can compromise confidentiality and integrity of information in databases. Actually, an attacker intrudes to the web application database and consequently, access to data. For stopping this type of attack different approaches have been proposed by researchers but they are not enough because usually they have limitations. Indeed, some of these approaches have not implemented yet and also most of implemented approaches cannot stop all type of attacks. In this paper all type of SQL injection attack and also different approaches which can detect or prevent them are presented. Finally we evaluate these approaches against all types of SQL injection attacks and deployment requirements.

SQL injection is one of the top threats to any web application which interacts with a database system. It is also one of the highly dangerous threats because it is easy to generate, difficult to design a defense mechanism and the data vulnerable to this type of attack is highly sensitive such as passwords, credit card details, etc. Injection attack is a method that can inject any kind of malicious string or anomaly string on the original string. The proposed algorithm shows that everything is well against the SQL Injection Attack. The Proposed a detection and prevention technique for data using Aho-Corasick pattern matching algorithm. This algorithm is classic algorithm. The results show that model protects against 100% of tested attacks before reaching the database layer.

As technology changes, it becomes increasingly challenging for businesses of all types to keep their personal and customer's information on the web secure. Web security is important to keeping hackers and cyber-thieves from accessing sensitive information. Without a proactive security strategy, businesses risk the spread and escalation of malware, attacks on other websites, networks, and other IT infrastructures. If a hacker is successful, attacks can spread from computer to computer, making it difficult to find the origin. This project deals with preventing the potential errors while developing a basic website in order to prevent it from possible cyber-attacks. Cyber-attacks will be performed on unsecured site and then its vulnerabilities will be compared with the secured site.

Today is the world of information era, where information is available on just our single click. Web applications are playing a magnificent role in this, every organizations are mapping their business from a room to the world with the help of these Web Apps. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable assets in any organization, as the adaptation of web applications are increases day by day, various attacks are possible against this. SQL injection is an attack in which an attacker directly compromises the database, that's why this is a most threatening attack. Various Vulnerability scanners has been proposed to deal with this, but none of them are able to detect SQLI completely, the existing tools have the accuracy ratio very less as well as they produce a high rate of false positive, apart from that all these tools take much time to scan. So here we are presenting a network based vulnerability scanner approach which provides a better coverage and with no false positive within a short span of time.

Today is the world of information era, where information is available on just our single click. Web applications are playing a magnificent role in this, every organizations are mapping their business from a room to the world with the help of these Web Apps. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable assets in any organization, as the adaptation of web applications are increases day by day, various attacks are possible against this. SQL injection is an attack in which an attacker directly compromises the database, that's why this is a most threatening attack. Various Vulnerability scanners has been proposed to deal with this, but none of them are able to detect SQLI completely, the existing tools have the accuracy ratio very less as well as they produce a high rate of false positive, apart from that all these tools take much time to scan. So here we are presenting a network based vulnerability scanner approach which provides a better coverage and with no false positive within a short span of time.

Today is the world of information era, where information is available on just our single click. Web applications are playing a magnificent role in this, every organizations are mapping their business from a room to the world with the help of these Web Apps. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable assets in any organization, as the adaptation of web applications are increases day by day, various attacks are possible against this. SQL injection is an attack in which an attacker directly compromises the database, that's why this is a most threatening attack. Various Vulnerability scanners has been proposed to deal with this, but none of them are able to detect SQLI completely, the existing tools have the accuracy ratio very less as well as they produce a high rate of false positive, apart from that all these tools take much time to scan. So here we are presenting a network based vulnerability scanner approach which provides a better coverage and with no false positive within a short span of time.

SQL injection vulnerability is one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack. Successful SQL Injection Attacks (SQLIA) result in unauthorized access and unauthorized data modification. Researchers have proposed many methods to tackle SQL injection attack, however these methods fail to address the whole problem of SQL injection attack, because most of the approaches are vulnerable in nature, cannot resist sophisticated attack or limited to scope of subset of SQLIA type. In this paper we provide a detailed background of SQLIA together with vulnerable PHP code to demonstrate how attacks are being carried out, and discuss most commonly used method by programmers to defend against SQLIA and the disadvantages of such an approach. Lastly we reviewed most commonly use tools and methods that act a firewall for preventing SQLIA, finally wean alytically evaluated reviewed tools and methods based on our experience with respect to five different perspectives. Our evaluation results point out common trends on current SQLI prevention tools and methods. Most of these methods and tools have problems addressing store-procedure attacks, as well as problems addressing attacks that take advantage of second order SQLI vulnerability. Our evaluation also shows that only a few of these methods and tools considered can be deployed in all web-based application platforms. 
Keywords: Attack, prevention, method, approach, injection, parameters, query

Present era is all about data. But with time increases, data limit increases also. In some cases, it become huge. In 90’s and Relational databases are well enough for structure and maintain those limited amount of data. But now it is becoming more complex and impossible to maintain the huge amount of data known as big data. Only solution for this is to fit this data sets into non-relational NoSQL databases. But switching and conversation is a big challenge. In this paper the effective techniques for this conversion is discussed.