Review on SQL injection protection methods and tools
Muhammad Saidu Aliero, Imran Ghani, Syeed Zainudden, Muhammad Murad Khan, Munir Bello
SQL injection vulnerability is one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack. Successful SQL Injection Attacks (SQLIA) result in unauthorized access and unauthorized data modification. Researchers have proposed many methods to tackle SQL injection attacks; however, these methods fail to address the whole problem, because most of the approaches are vulnerable in nature, cannot resist sophisticated attacks, or are limited in scope to a subset of SQLIA types. In this paper we provide a detailed background of SQLIA together with vulnerable PHP code to demonstrate how attacks are carried out, and discuss the method most commonly used by programmers to defend against SQLIA and the disadvantages of such an approach. Lastly, we review the most commonly used tools and methods that act as a firewall for preventing SQLIA, and we analytically evaluate the reviewed tools and methods, based on our experience, with respect to five different perspectives. Our evaluation results point out common trends in current SQLI prevention tools and methods. Most of these methods and tools have problems addressing stored-procedure attacks, as well as attacks that take advantage of second-order SQLI vulnerabilities. Our evaluation also shows that only a few of the methods and tools considered can be deployed on all web-based application platforms.
Affiliation:
- Universiti Teknologi Malaysia, Malaysia
- Universiti Teknologi Malaysia, Malaysia
- Universiti Teknologi Malaysia, Malaysia
- Universiti Teknologi Malaysia, Malaysia
- Universiti Teknologi Malaysia, Malaysia
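The second-order case the abstract singles out, shown as an added example that is not taken from the paper: a value is stored safely by one request and later concatenated into a statement by another, so a tool that inspects only incoming request parameters sees nothing unusual in the second request. It uses Python's `sqlite3` rather than the paper's PHP; the table, function names and sample account are constructed for illustration.

```python
import sqlite3

ATTACKER_NAME = "admin'--"  # constructed sample value, stored by the first request

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'admin-secret')")
    return db

def register(db, name, password):
    # Request 1: bound parameters, so the name is stored verbatim and
    # nothing is injected at this point.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, password))

def stored_name(db, session_name):
    row = db.execute("SELECT name FROM users WHERE name = ?",
                     (session_name,)).fetchone()
    return row[0]

def change_password_vulnerable(db, session_name, new_password):
    # Request 2: the name read back from the database is treated as trusted
    # and concatenated, so its quote and comment marker rewrite the WHERE clause.
    name = stored_name(db, session_name)
    db.execute("UPDATE users SET password = ? WHERE name = '" + name + "'",
               (new_password,))

def change_password_hardened(db, session_name, new_password):
    # Same flow, but data read from storage is bound like any other input.
    name = stored_name(db, session_name)
    db.execute("UPDATE users SET password = ? WHERE name = ?",
               (new_password, name))

def passwords_after(change_fn):
    # Run both requests against a fresh database and return name -> password.
    db = make_db()
    register(db, ATTACKER_NAME, "pw1")
    change_fn(db, ATTACKER_NAME, "changed")
    return dict(db.execute("SELECT name, password FROM users"))

if __name__ == "__main__":
    print("vulnerable:", passwords_after(change_password_vulnerable))
    print("hardened:  ", passwords_after(change_password_hardened))
```

In the vulnerable flow the `admin` row is the one that changes; in the hardened flow only the row belonging to the stored name is updated.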