A CRITICAL EVALUATION OF SECURITY APPROACHES FOR DETECTION AND PREVENTION OF SQL INJECTION ATTACKS IN WEB-BASED APPLICATIONS

Authors

Keywords:

SQL Injection, Web Application, XSS Vulnerability, Web Security

Abstract

SQL injection attacks (SQLIAs) are web application attacks that have been known for almost two decades and have been among the biggest cyber threats, especially because most of the world's population interacts with web apps in one way or another. Over the years, many methods have been developed to identify and deter SQLIAs, thereby reducing the risk to web applications. This paper reviews, compares and critically evaluates four methods used to identify and stop SQLIAs: the tokenization and lexicon detection process, the combined static and dynamic method, novel methods, and search-based methods. The work further reveals a gap in current knowledge: specifically, increased efficiency can be achieved by integrating two of the most effective approaches. Furthermore, a real-world application of these methods is presented, and finally, recommendations are made for further study.

Published

30-04-2024

How to Cite

A CRITICAL EVALUATION OF SECURITY APPROACHES FOR DETECTION AND PREVENTION OF SQL INJECTION ATTACKS IN WEB-BASED APPLICATIONS. (2024). FUDMA JOURNAL OF SCIENCES, 8(2), 241-246. https://doi.org/10.33003/fjs-2024-0802-2308