International Journal of Science and Engineering Applications (IJSEA)  (Volume 2, Issue 6 - June 2013)

Preventing SQL-Based Attacks Using Intrusion Detection System

Manju Khari, Anjali Karar

10.7753/IJSEA0206.1006







    Keywords: SQL injection, Intrusion detection, anomaly detection, misuse detection.



With the advancement of technology, everyone is using computers and web applications. Developers can easily build these web applications using rapid application development environments. However, they do not treat security as a necessary aspect while providing attractive functionality, and they are not experts in that field. This makes web applications vulnerable to several attacks. Among these attacks, SQL injection is considered the most dangerous vulnerability. This paper describes various approaches used by authors to prevent SQL injection attacks, using methods such as intrusion detection, black box testing, etc.




@article{manjuKhari02061006,
title = "Preventing SQL-Based Attacks Using Intrusion Detection System",
journal = "International Journal of Science and Engineering Applications (IJSEA)",
volume = "2",
number = "6",
pages = "145--150",
year = "2013",
author = "Manju Khari and Anjali Karar",
}