A detailed survey on various aspects of SQL injection in web applications: vulnerabilities, innovative attacks and remedies

Bibliographic Details
Main Authors: Diallo, Abdoulaye Kindy; Pathan, Al-Sakib Khan
Format: Article
Language: English
Published: KUST Press, Pakistan 2013
Subjects:
Online Access: http://irep.iium.edu.my/31262/1/364-882-1-PB.pdf
collection IIUM
description In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through a very rapid growth in the recent years and their adoption is moving faster than that was expected few years ago. Now-a-days, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to get compromised. In most of the scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.
id oai:generic.eprints.org:31262
institution International Islamic University Malaysia
Diallo, Abdoulaye Kindy and Pathan, Al-Sakib Khan (2013) A detailed survey on various aspects of SQL injection in web applications: vulnerabilities, innovative attacks and remedies. International Journal of Communication Networks and Information Security, 5 (2). pp. 80-92. ISSN: 2076-0930 (Print) ISSN: 2073-607X (Online) http://ijcnis.org/index.php/ijcnis (Article, PeerReviewed)
topic QA75 Electronic computers. Computer science
QA76 Computer software