Code Injection attack a major concern for web security, occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or when user input is not strongly typed and thereby unexpectedly executed, causing an error due to improper setup or coding such that the system fails to handle or properly respond to exceptional or unexpected data or conditions, which results in a situation wherein user credentials can be captured by injecting exceptional data. In spite of many tools and techniques, attacks on web application especially through SQL Injection Attacks are at a rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action.
This paper aims to obviate code injection attacks by espousing the prevention framework which is a comprehensive structured approach that would help to identify and mitigate Code Injections attacks and shield the database lying in the database servers, which may be unauthorized accessed for malafide reasons from the web applications.