Abstract
SQL injection is a predominant type of attack and threat to web applications. The attack attempts to subvert the relationship between a webpage and its supporting database. Because valuable data and automated tools are widely available on the web, attackers are motivated to launch high-profile attacks on targeted websites. This paper is an effort to understand the current state of SQL injection attacks. Different researchers have proposed various solutions to address SQL injection problems. In this research work, those countermeasures are identified and applied to a vulnerable application and database system, and the results are illustrated.
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kaur, D., Kaur, P. (2017). SQLI Attacks: Current State and Mitigation in SDLC. In: Satapathy, S., Bhateja, V., Udgata, S., Pattnaik, P. (eds) Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications. Advances in Intelligent Systems and Computing, vol 515. Springer, Singapore. https://doi.org/10.1007/978-981-10-3153-3_67
DOI: https://doi.org/10.1007/978-981-10-3153-3_67
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-3152-6
Online ISBN: 978-981-10-3153-3
eBook Packages: Engineering, Engineering (R0)