IJCCE 2013 Vol.2(5): 539-542 ISSN: 2010-3743
DOI: 10.7763/IJCCE.2013.V2.244
Study of SQL Injection Attacks and Countermeasures
Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour
Abstract—SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application or service. It is most often found in web pages with dynamic content. This paper provides a taxonomy of SQL injection prevention and detection approaches. Furthermore, for each type of vulnerability, we describe how attacks of that type could take advantage of the vulnerability to carry out an attack. We also present and analyze some existing detection and prevention techniques against SQL injection attacks. Finally, we compare the different types of approaches and techniques and provide a list of their deployment requirements.
Index Terms—SQL injection attack, SQL queries, web application, DBMS, taxonomy, web application security.
S. Sajjadi is with the Department of Electrical, Computer and IT Engineering, Islamic Azad University, Qazvin Branch, Qazvin, Iran (e-mail: s.sajjadi@qiau.ac.ir).
B. Tajalli Pour is with the Department of Computer Engineering, Islamic Azad University, Tehran North Branch, Tehran, Iran (e-mail: bahar_tj@yahoo.com).
Cite: Sayyed Mohammad Sadegh Sajjadi and Bahare Tajalli Pour, "Study of SQL Injection Attacks and Countermeasures," International Journal of Computer and Communication Engineering, vol. 2, no. 5, pp. 539-542, 2013.