Abstract: Online business expects web applications to be secure, efficient and reliableto the users against SQL Injection Attacks. The SQL Injection Attack exploits a security vulnerability occurring in the backend database layer of a web application which is the results of poor input validation in code and website administration. This allows attackers to obtain unauthorized access to the user sensitive information or change the intended web application through SQL queries. In the past, researchers have developed several methods/techniques to overcome the SQL injection problems. However, these approaches either have limitations or fail to cover full scope of the problem. In this paper, a hash function based authentication scheme including data validation is proposed to protect web applications against the SQL Injection attacks. A review of the different types of SQL injection attacks and cases of how attacks of that type could be performed is presented. The proposed techniqueis found to be quite useful and secure for protecting web applications against SQL Injection attacks.

Keywords: SQL Injection attack, Hash function algorithm, Database Security, validation.