Corpus ID: 212544069

Detection and Prevention of SQL Injection Attack: A Survey

@inproceedings{Alwan2017DetectionAP,
  title={Detection and Prevention of SQL Injection Attack: A Survey},
  author={Zainab S. Alwan and Manal Fadel Younis},
  year={2017}
}
SQL (structure query language) injection is one of threats to the applications, which are Web-based application, Mobile application and even desktop application, which are connected to the database. By implementing SQL injection, attacker can gain full access to the application or database so that it can remove or change significant data irresponsibly. Applications that do not properly validate the user’s input make them vulnerable against SQL injection. SQL Injection Attacks (SQLIA) occurs…

SQL Injection Detection and Prevention Techniques in ASP.NET Web Application
Injection in SQL (structure query language) is one of the threats to web-based apps, mobile apps and even desktop applications associated to the database. An effective SQL Injection Attacks (SQLIA)…
SQLIA Detection and Prevention Techniques
Structure Query Language Injection (SQLI) is one of the top most threat to web-based applications (Like e-commerce, banking, shopping, trading, blogs, etc.) which are connected to the database. The…
A Detection and Prevention Technique on SQL Injection Attacks
TLDR
An approach which detects a query token with reserved words-based lexicon to detect Structured Query Language Injection Attack (SQLIA) is presented, and the results are satisfactory.
Vulnerability detection and prevention of SQL injection
TLDR
The comparison of these methods used for detection and prevention vulnerability in web server shows different defence methods are used to prevent SQL injection attack.
SQL Injection Attacks Prevention System Technology: Review
TLDR
PHP techniques and other techniques for protecting SQL from the injection, methods for detecting SQL attacks, types of SQL injections, causes of SQL injection via getting and Post, and prevention technology for SQL vulnerabilities are reviewed.
A Framework for SQL Injection Investigations: Detection, Investigation, and Forensics
TLDR
This paper proposes a framework of SQLi Investigation Architecture (SIA) and proves its feasibility in fighting against SQLi attacks, and an effective and efficient approach is proposed to prosecute SQLi aggressors and keep them away from abusing the database.
Efficient Detection Of SQL Injection Attack(SQLIA) Using Pattern-based Neural Network Model
  • Meharaj Begum A, M. Arock
  • 2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS)
  • 2021
Web application vulnerability is one of the major causes of cyber attacks. Cyber criminals exploit these vulnerabilities to inject malicious commands to the unsanitized user input in order to bypass…
Analysis of Web Server Security Against Structure Query Language Injection Attacks in ASEAN Senior High Schools
TLDR
Methods the forensic used to analyze web servers against attacks SQLI, which shows a study of web server with techniques SQLI is the highest risk level of 27% in Web Server Singapore and lowest risk level on a Web Server the Philippines.
Overview of SQL Injection Defense Mechanisms
TLDR
The main subject of this research is the analysis of the methods of SQL injection attacks and the creation of an overview of the best defense mechanisms for detection and prevention of SQL injections, as well as practical simulation of this kind of cyber-attack.
A Comprehensive Survey for Detection and Prevention of SQL Injection
This project aims to stop SQL injection attacks and make the database safer. This system is online, and there is no need for implementation. This can be accessed from any location via the internet.

References

SHOWING 1-10 OF 36 REFERENCES
A Survey on SQL Injection attacks, their Detection and Prevention Techniques
TLDR
In this paper, all SQL injection attack types are presented and also different technique and tools which can detect or prevent these attacks are assessed.
Analysis of SQL Injection Detection Techniques
TLDR
This paper presents an extensive review of advanced SQL injection attacks such as Fast Flux SQL Injection, Compounded SQL Injection and Deep Blind SQL Injection, and analyzes their detection and prevention using classical methods as well as modern approaches.
A Method of Detecting Sql Injection Attack to Secure Web Applications
TLDR
This paper proposes a new method for preventing SQL injection attacks in JSP web applications by using semantic comparison to check before execution, the intended structure of the SQL query.
Protection Web Applications using Real-Time Technique to Detect Structured Query Language Injection Attacks
TLDR
Developing Web Application SQLI Protector (WASP) tool in real-time web application to detect SQL injection attacks in stored procedures and impose minimal deploy requirements.
Minimization of SQL injection in scheduling application development
TLDR
The results of research on the use of PDO Parameterized Query to minimize SQL Injection on the new scheduling application are described, making it not vulnerable to attack that caused by SQL injection.
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
TLDR
A novel and powerful scheme for automatically transforming Web applications to render them safe against all SQL injection attacks, and a simple and novel mechanism, called Candid, for mining programmer intended queries by dynamically evaluating runs over benign candidate inputs.
New Strategy for Mitigating of SQL Injection Attack
TLDR
An approach based on negative tainting along with SQL keyword analysis for detecting and preventing SQLIA attack is proposed and tested on all types of SQLIAs techniques.
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
TLDR
A new, highly automated approach for protecting existing Web applications against SQL injection, based on the novel idea of positive tainting and the concept of syntax-aware evaluation is proposed.
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
TLDR
The construction and design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time is proposed, which has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
Automatic creation of SQL Injection and cross-site scripting attacks
TLDR
This work presents a technique for finding security vulnerabilities in Web applications by analyzing the input to the application to access or modify user data and execute malicious code.