A CRITICAL EVALUATION OF SECURITY APPROACHES FOR DETECTION AND PREVENTION OF SQL INJECTION ATTACKS IN WEB-BASED APPLICATIONS

Yusuf Bukar Maina, Yobe State University, Damaturu
Keywords: SQL Injection, Web Application, XSS Vulnerability, Web Security

Abstract

SQL Injection Attacks (SQLIAs) are a class of web application attack that has been known for almost two decades and remains among the biggest cyber threats, especially because most of the world’s population interacts with web applications in one way or another. Over the years, many methods have been developed to identify and deter SQLIAs, thereby reducing the risk to web applications. This paper reviews, compares and critically evaluates four different methods used to identify and stop SQLIAs: the tokenization and lexicon detection process, the combined static and dynamic method, and novel and search-based methods. This work further reveals a gap in current knowledge: specifically, increased efficiency can be achieved by integrating two of the most effective approaches. Furthermore, a real-world application of these methods is presented, and finally, recommendations are made for further study.
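
As an added illustration of the tokenization-based detection approach named in the abstract (this is not code from the paper or from the works it reviews), the following Python check compares the token structure of a statement built with a harmless sample value against the statement built with the actual input. The template, sample values and inputs are constructed for the example.

```python
import re

# Tokenization idea: a statement built from a trusted template plus a benign
# sample value has a fixed token-kind sequence; injected SQL adds keywords,
# operators or comments and therefore changes that sequence.
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')          # single-quoted literal ('' is an escaped quote)
  | (?P<number>\d+(?:\.\d+)?)           # numeric literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)     # SQL comments
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)    # keywords and identifiers
  | (?P<op>[=<>!]=?|[(),;*+\-/])        # operators and punctuation
  | (?P<ws>\s+)                         # whitespace (dropped)
""", re.VERBOSE | re.DOTALL)

def tokenize(sql):
    """Split SQL text into (kind, text) pairs, dropping whitespace."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:                       # unrecognised character (e.g. a stray quote)
            tokens.append(("other", sql[pos]))
            pos += 1
            continue
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.group()))
        pos = m.end()
    return tokens

def structure(sql):
    """Token-kind signature: literal contents do not matter, only the statement's shape."""
    return [kind for kind, _ in tokenize(sql)]

def build_query(template, value):
    """The unsafe string-splicing construction that SQLIAs exploit (kept for illustration)."""
    return template.replace("{input}", value)

def is_injection(template, user_input, benign="x"):
    """True when the input changes the statement's token structure.
    `benign` is a harmless sample of the expected kind ("x" for string parameters,
    "0" for numeric ones); the structure it produces is the reference."""
    expected = structure(build_query(template, benign))
    actual = structure(build_query(template, user_input))
    return actual != expected

# Constructed sample template (a hypothetical user lookup), not from the paper
TEMPLATE = "SELECT id FROM users WHERE name = '{input}' AND active = 1"
```

An unescaped apostrophe in legitimate data (O'Brien) is also flagged, because it changes the statement's structure exactly as an attack would; the check detects structural change and complements, rather than replaces, parameterised queries.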


Published
2024-04-30
How to Cite
Maina, Y. B. (2024). A CRITICAL EVALUATION OF SECURITY APPROACHES FOR DETECTION AND PREVENTION OF SQL INJECTION ATTACKS IN WEB-BASED APPLICATIONS. FUDMA JOURNAL OF SCIENCES, 8(2), 241-246. https://doi.org/10.33003/fjs-2024-0802-2308