BlockchainSQLSecure: Integration of Blockchain to Strengthen Protection Against SQL Injections
DOI:
https://doi.org/10.17721/1812-5409.2024/1.29
Keywords:
Blockchain, Django, security, integration, access restriction, Python, web applications
Abstract
In the field of web development, there has been an increased necessity for tools to protect against SQL injections, which can have catastrophic consequences for databases. This article introduces the concept of BlockchainSQLSecure, a unique method that leverages the capabilities of blockchain technologies to establish an additional layer of security in Django applications.
The central idea revolves around creating a blockchain ledger for each SQL query made to the database, ensuring data immutability and traceability. This level of transparency actively counteracts the possibility of unauthorized modifications or injection attempts, as any interference becomes immediately apparent.
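The per-query ledger idea can be illustrated with a hash chain, in which each record commits to the one before it, so a later edit to a stored query is detectable on verification. This Python example is added here and is not the authors' implementation; it is a local, single-node chain (no distributed consensus or smart contracts), and the names `QueryLedger`, `block_hash` and `first_invalid` are hypothetical.

```python
# Added illustration: QueryLedger, block_hash and first_invalid are hypothetical names.
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first block

def block_hash(index, prev_hash, sql, params):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    body = json.dumps(
        {"index": index, "prev": prev_hash, "sql": sql, "params": params},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class QueryLedger:
    """Append-only, hash-chained record of executed SQL statements."""

    def __init__(self):
        self.blocks = []

    def append(self, sql, params=()):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        index = len(self.blocks)
        params = list(params)
        block = {"index": index, "prev": prev, "sql": sql, "params": params,
                 "hash": block_hash(index, prev, sql, params)}
        self.blocks.append(block)
        return block

    def first_invalid(self):
        """Return the index of the first block that fails verification, or None."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            expected = block_hash(i, prev, b["sql"], b["params"])
            if b["index"] != i or b["prev"] != prev or b["hash"] != expected:
                return i
            prev = b["hash"]
        return None

def demo():
    ledger = QueryLedger()
    # Constructed sample statements, stored as template plus bound parameters.
    ledger.append("SELECT id, name FROM users WHERE email = %s", ["a@example.com"])
    ledger.append("UPDATE users SET name = %s WHERE id = %s", ["Ann", 7])
    ledger.append("DELETE FROM sessions WHERE user_id = %s", [7])
    clean = ledger.first_invalid()
    # Simulate after-the-fact editing of a stored record.
    ledger.blocks[1]["sql"] = "UPDATE users SET name = %s"
    return clean, ledger.first_invalid()
```

Recomputing the hash of an edited block only moves the failure to the next block, whose stored `prev` no longer matches; hiding the edit requires rewriting every later block, which is what replicating the chain across independent parties is meant to prevent.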
In the context of this article, mechanisms for validating SQL queries through smart contracts on the blockchain have been explored, which enable the automatic rejection of queries containing potential injections. Additionally, methods of decentralized log storage have been examined, providing for the distribution of information among network participants, thereby rendering the system resilient to attacks and attempts at external interference.
Furthermore, BlockchainSQLSecure can be implemented as a plugin for Django, facilitating its integration into existing projects. In a broader sense, the presented concept demonstrates how the combination of traditional protection methods and modern blockchain technologies can offer a new level of security for web applications.
Pages of the article in the issue: 160 - 168
Language of the article: Ukrainian
License
Copyright (c) 2024 Iryna Zamrii, Ivan Shakhmatov, Vladyslav Yaskevych
This work is licensed under a Creative Commons Attribution 4.0 International License.