SQL Injection Attack: Quick View

Vugar Abdullayev
Dr. Alok Singh Chauhan

Abstract

SQL injection is a type of security vulnerability that occurs in database-driven web applications where an attacker injects malicious code into the application to gain unauthorized access to sensitive information. This paper aims to provide a comprehensive and systematic review of the existing methods for preventing and detecting SQL injection attacks. The review covers a range of techniques, including input validation, parameterized queries, and intrusion detection systems, as well as the advantages and disadvantages of each method. The most common prevention techniques include input validation, parameterized queries, and stored procedures, while the most common detection techniques include intrusion detection systems (IDS), honeypots, and signature-based detection. The choice of method will depend on the specific requirements of the organization and the level of security required. Still, a combination of prevention and detection methods is likely to be the most effective way to secure web applications against SQL injection attacks. The paper concludes that SQL injection attacks continue to be a significant security threat to web applications, and it is essential for organizations to implement effective prevention and detection methods to secure their web applications against SQL injection attacks.


How to Cite
Abdullayev, V., & Chauhan, D. A. S. (2023). SQL Injection Attack: Quick View. Mesopotamian Journal of CyberSecurity, 2023, 30–34. https://doi.org/10.58496/MJCS/2023/006