A Novel Approach for SQL Injection Avoidance Using Two-Level Restricted Application Prevention (TRAP) Technique

2021 
The current IT world is moving forward in revolutionary terms in e-commerce, artificial intelligence, machine learning, and many more areas. A lot of change has been observed in the technology stack over the past 2–3 years. One notable advancement is the evolution of e-commerce sites and various other sites where user input is required. This has made these sites more vulnerable to a type of attack termed the SQL injection attack, which is simply executable SQL code passed through the inputs. SQL injection attacks are the easiest and highest-impact attacks on an application. These attacks work in several ways, namely appending a true statement, modifying existing data, using a union query to pull the whole data, and many more. They have the potential to take down an entire application or delete critical information from the database. Infinite loops can also be appended in the form of functions, which severely affects the whole application infrastructure. User input cannot be removed from the Internet ecosystem, as it is a basic need for a website. Given that, it is also the most exploited channel for attacking a website. A review of most of the research done in this area shows that the majority of preventive techniques either work in a single tier or increase the complexity of the system just to implement the technique. In this paper, we propose a two-level restricted application prevention (TRAP) technique for SQL injection prevention, which leads to a robust and time-efficient two-tier defense system against SQL injections with comparatively minimal impact on the application.