Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review

Mohammad Qbea'h, Saed Alrabaee, Mohammad Alshraideh, Khair Eddin Sabri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the large volume of diverse applications should have a high priority. However, the Structured Query Language Injection Attack (SQLIA) is one of the most common and dangerous threats in the world. A large number of approaches and models have been presented to mitigate, detect or prevent the SQL injection attack, but it is still alive. Most old and current models are based on static, dynamic, hybrid or machine learning techniques. However, the SQL injection attack still represents the highest risk among web application security risks, based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with the SQL injection attack and its types, and demonstrate several of the most recent and current techniques, models and approaches used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, more effort is still needed to produce a real, novel and comprehensive solution able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate this kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in future research to stop SQLIA.

Original language: English
Title of host publication: Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings
Editors: Jihad M. Alja'Am, Soumaya AlMaadeed, Samir Abou Elseoud, Omar Karam
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665452946
Publication status: Published - 2022
Event: 4th International Conference on Computer and Applications, ICCA 2022 - Cairo, Egypt
Duration: Dec 20 2022 to Dec 22 2022

Publication series

Name: Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings

Conference

Conference: 4th International Conference on Computer and Applications, ICCA 2022
Country/Territory: Egypt
City: Cairo
Period: 12/20/22 to 12/22/22

Keywords

  • application security
  • cybersecurity
  • data security
  • malicious code
  • mobile security
  • review
  • sql injection attack
  • sqlia
  • vulnerability
  • web security

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Computer Vision and Pattern Recognition
  • Information Systems
  • Safety, Risk, Reliability and Quality
