A survey on SQL injection attacks, detection and prevention techniques

Kumar, Praveen; Pateriya, R. K.

doi:10.1109/icccnt.2012.6396096

Cited by 46 publications

(29 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The reconstructed query syntax is shown in Figure 16. There are various automatic tools to implement SQLi [9], [8]. As we have used manual testing approach.…”

Section: B Joining or Balancing The Querymentioning

confidence: 99%

See 1 more Smart Citation

Exploring the SQL injection vulnerabilities of bd domain web applications

Alam¹,

Alamgir²,

Farah³

2015

Third International Conference on Advances in Computing, Electronics and Communication - ACEC 2015

View full text Add to dashboard Cite

“…The reconstructed query syntax is shown in Figure 16. There are various automatic tools to implement SQLi [9], [8]. As we have used manual testing approach.…”

Section: B Joining or Balancing The Querymentioning

confidence: 99%

“…Structure query language Injection (SQLi) and Cross site scripting (XSS) are two of the most used exploitation [5]. Over the past few years there has been plenty of research in these fields of web application security, their types and vulnerabilities [ [6], [8]. There are various sub types of SQLi and XSS [7].…”

Section: Introductionmentioning

confidence: 99%

Exploring the SQL injection vulnerabilities of bd domain web applications

Alam¹,

Alamgir²,

Farah³

2015

Third International Conference on Advances in Computing, Electronics and Communication - ACEC 2015

View full text Add to dashboard Cite

“…Kumar and Pateriya's [28] paper provides a review of the various types of SQLIAs including an example of each type. The 21 surveyed papers are mapped to the SQLIA types, Junjin [29] proposes an approach for SQL injection vulnerability detection; however, one half of the paper is dedicated to analyzing two other detection techniques.…”

Section: Related Workmentioning

confidence: 99%

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Steiner

Leon

Alves-Foss

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Abstract-SQL injection attacks (SQLIA) still remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted with the primary resulting solution requiring developers to code defensively. Although, defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.

show abstract

“…This type of SQLIA is a function call injection category and can be deliberately crafted to execute malicious codes so as to attack the operating system (Kumar & Pateriya, 2012).…”

Section: (5) Stored Proceduresmentioning

confidence: 99%

Exploring Defense of SQL Injection Attack in Penetration Testing

Zhu

Yan

2017

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

SQLIA is adopted to attack websites with and without confidential information.Hackers utilize the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims always are not aware of that their confidential information has been compromised for a long time.The contributions of this thesis are: (1) systematically explore SQLIA, SQLIA prevention in theory; (2)

show abstract

A survey on SQL injection attacks, detection and prevention techniques

Cited by 46 publications

References 18 publications

Exploring the SQL injection vulnerabilities of bd domain web applications

Exploring the SQL injection vulnerabilities of bd domain web applications

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Exploring Defense of SQL Injection Attack in Penetration Testing

Contact Info

Product

Resources

About