SQL Injection Attack: Quick View
Abstract
SQL injection is a type of security vulnerability in database-driven web applications in which an attacker injects malicious code into the application to gain unauthorized access to sensitive information. This paper aims to provide a comprehensive and systematic review of the existing methods for preventing and detecting SQL injection attacks, covering the advantages and disadvantages of each method. The most common prevention techniques include input validation, parameterized queries, and stored procedures, while the most common detection techniques include intrusion detection systems (IDS), honeypots, and signature-based detection. The choice of method will depend on the specific requirements of the organization and the level of security required, but a combination of prevention and detection methods is likely to be the most effective way to secure web applications against SQL injection attacks. The paper concludes that SQL injection attacks continue to be a significant security threat to web applications and that it is essential for organizations to implement effective prevention and detection methods against them.
This work is licensed under a Creative Commons Attribution 4.0 International License.