SQL injection vulnerability is one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack. Successful SQL Injection Attacks (SQLIA) result in unauthorized access and unauthorized data modification. Researchers have proposed many methods to tackle SQL injection attack, however these methods fail to address the whole problem of SQL injection attack, because most of the approaches are vulnerable in nature, cannot resist sophisticated attack or limited to scope of subset of SQLIA type. In this paper we provide a detailed background of SQLIA together with vulnerable PHP code to demonstrate how attacks are being carried out, and discuss most commonly used method by programmers to defend against SQLIA and the disadvantages of such an approach. Lastly we reviewed most commonly use tools and methods that act a firewall for preventing SQLIA, finally wean alytically evaluated reviewed tools and methods based on our experience with respect to five different perspectives. Our evaluation results point out common trends on current SQLI prevention tools and methods. Most of these methods and tools have problems addressing store-procedure attacks, as well as problems addressing attacks that take advantage of second order SQLI vulnerability. Our evaluation also shows that only a few of these methods and tools considered can be deployed in all web-based application platforms.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.