Prevention of SQL Injection Attack by Using Black Box Testing

“…State-of-the-art research of SQL Injection Solutions Figure 6 demonstrates the distribution of SQL Injection techniques used in reducing web application vulnerabilities. Multifarious researchers [83]- [97] implement a pattern matching algorithm to detect and prevent SQL Injection attacks. All applied dynamic analysis except [91], [98]- [100] whom used static analysis.…”

“…They check user SQL input and find whether they are SQL injected or not using various approaches viz. scanner [92], [94], [95], [97], regular expression [86], string pattern [88] [100], keyword matching [96], no sanitization [84], sanitizing or blocking [87] [101], access control methods [90], and with the cooperation of intrusion detection systems (IDS) [83] [89]. Figure 7 depicts the distribution of the different pattern matching techniques used in SQLI.…”

“…Their method lacks comparison with more advanced scanners. Recently, Thombare and Soni [97] also presented a scanner consisting of four elements: crawling by visiting URLs that talk with database, attacking by sending malicious SQL request, analysis by analyzing response page to determine if there are vulnerabilities or not, and their final component is report generation.…”

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

“…State-of-the-art research of SQL Injection Solutions Figure 6 demonstrates the distribution of SQL Injection techniques used in reducing web application vulnerabilities. Multifarious researchers [83]- [97] implement a pattern matching algorithm to detect and prevent SQL Injection attacks. All applied dynamic analysis except [91], [98]- [100] whom used static analysis.…”

“…They check user SQL input and find whether they are SQL injected or not using various approaches viz. scanner [92], [94], [95], [97], regular expression [86], string pattern [88] [100], keyword matching [96], no sanitization [84], sanitizing or blocking [87] [101], access control methods [90], and with the cooperation of intrusion detection systems (IDS) [83] [89]. Figure 7 depicts the distribution of the different pattern matching techniques used in SQLI.…”

“…Their method lacks comparison with more advanced scanners. Recently, Thombare and Soni [97] also presented a scanner consisting of four elements: crawling by visiting URLs that talk with database, attacking by sending malicious SQL request, analysis by analyzing response page to determine if there are vulnerabilities or not, and their final component is report generation.…”

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Detection SQL Injection Attacks Against Web Application by Using K-Nearest Neighbors with Principal Component Analysis

Provably throttling SQLI using an enciphering query and secure matching