Abstract-SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application and a service. This is most often found within web pages with dynamic content. This paper provides taxonomy on SQL injection prevention and detection approaches. Furthermore, for each type of vulnerability, we provide descriptions of how attacks of that type could take advantage of that vulnerability and perform attack. We also present and analysis some of existing detection and prevention techniques against SQL injection attacks. Finally, we compare different type of approaches and techniques and provide a list of their deployment requirements.Index Terms-SQL injection attack, SQL queries, web application, DBMS, taxonomy, web application security.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.