Dr K.V.N.Sunitha & Mrs.M.Sridevi
International Journal of Computer Science and Security (IJCSS), Volume (4): Issue (4) 426

Automated Detection System for SQL Injection Attack

Dr K.V.N.Sunitha
k.v.n.sunitha@gmail.com
Professor & Head, Department of Computer Science & Engineering
G.Narayanamma Institute of Technology and Science
Shaikpet, Hyderabad – 500 008, A.P., India

Mrs.M. Sridevi
sreetech99@gmail.com
Assoc. Professor, Department of Computer Science & Engineering
Laqshya Institute of Technology and Science
Konijerla, Khammam – 507 305, A.P., India

Abstract

Many software systems have evolved to be Web-based, which makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks exploits SQL Injection vulnerabilities (SQLIV), which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. The intent is that Web applications will limit the kinds of queries that can be generated to a safe subset of all possible queries, regardless of what input the user provides. SQL Injection attacks are possible due to design drawbacks of the web sites that interact with back-end databases. Successful attacks may cause further damage. We introduce a system built on a new automated technique for preventing SQL Injection attacks, based on the novel concept of using regular expressions to detect them. The proposed system can detect attacks that come from the Internet as well as insider attacks, by analyzing the packets of the network servers.

Keywords—Intrusion Detection, Injection Attacks, Regular Expressions, SQL Query.

1. INTRODUCTION

Nowadays it is common for any organization to use databases and web applications to maintain its information. The security of these systems has become crucial. Internet threats such as SQL Injection attacks on databases through web applications have become more common. Solutions to avoid these attacks are:

1. Placing a powerful Network SQL Injection Intrusion Detection System (IDS).
2. SQL Injection Insider Misuse Detection Systems (SQLIMDS).

Web applications interface with databases that contain information such as customer names, preferences, credit card numbers, purchase orders, and so on. Web applications build SQL queries to access these databases based, in part, on user-provided input. Inadequate input validation can enable attackers to gain complete access to such databases. One way in which this happens is that attackers can submit input strings that contain specially encoded database commands. When the Web application builds a query by using these strings and submits the query to its underlying database, the attacker’s embedded commands are executed by the database and the attack succeeds. The results of these attacks are often disastrous and can range from leaking of sensitive data to the destruction of database contents.
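The regular-expression detection proposed in the abstract, sketched here as an added example that is not the authors' system: the signature set, the function names and the sample request lines are constructed assumptions, and an HTTP request line stands in for the captured packet payload. Parameters are percent-decoded repeatedly before matching, because the input strings described above may be specially encoded.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Illustrative signatures (assumed for this example, not the paper's rule set).
SIGNATURES = {
    "quote_then_boolean": re.compile(r"'\s*(or|and)\b[^=]*=", re.I),
    "sql_comment": re.compile(r"(--|/\*)"),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "stacked_statement": re.compile(r";\s*(drop|insert|update|delete|select)\b", re.I),
}

def normalize(value, max_rounds=3):
    """Percent-decode until stable so double-encoded input is matched in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(request_line):
    """Return {parameter name: [matched signature names]} for one HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    findings = {}
    # parse_qsl decodes once; normalize() removes any further encoding layers.
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalize(raw)
        hits = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample traffic: one benign request, one single-encoded and
# one double-encoded request carrying SQL fragments in a parameter.
SAMPLE_REQUESTS = [
    "GET /login?user=alice&pass=s3cret HTTP/1.1",
    "GET /login?user=admin%27%20OR%20%271%27%3D%271&pass=x HTTP/1.1",
    "GET /item?id=1%2527%2520UNION%2520SELECT%2520NULL-- HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(inspect_request(line) or "clean", "<-", line)
```

Signature matching of this kind flags suspicious traffic for an IDS; keeping the application's queries within the safe subset mentioned in the abstract still depends on how the application builds them.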