A Literature Review and Comparative Analyses on SQL Injection: Vulnerabilities, Attacks and their Prevention and Detection Techniques


Bojken Shehu and Aleksander Xhuvani

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The attack takes advantage of poor input validation in code and website administration. It allows attackers to obtain unauthorized access to the back-end database by changing the intended application-generated SQL queries. Researchers have proposed various solutions to address SQL injection problems. However, many of them have limitations and often cannot address all kinds of injection problems. What's more, new types of SQL injection attacks have arisen over the years. To better counter these attacks, identifying and understanding existing techniques is very important. In this research we present all SQL injection attack types and also different techniques and tools which can detect or prevent these attacks.

Keywords: SQL injection attacks, Web application security, prevention, detection.


ABOUT THE AUTHORS

Bojken Shehu
He is a pedagogue at the Polytechnic University of Tirana, Faculty of Information Technology, in the Computer Engineering Department. In 2007 he finished his Bachelor thesis at Saint Petersburg State Polytechnic University, Russia, and in 2010 he finished his Master thesis at Bauman Moscow State Technical University, Russia. He is now a PhD student at the Polytechnic University of Tirana, Albania.

Aleksander Xhuvani
He is a pedagogue at the Polytechnic University of Tirana, Faculty of Information Technology, in the Computer Engineering Department. He completed his PhD studies at Bordeaux in France. In 2004 he graduated as Prof. Dr.


About IJCSI

IJCSI is a refereed open access international journal for scientific papers dealing in all areas of computer science research...
