Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review

Mohammad Qbea'h; Saed Alrabaee; Mohammad Alshraideh; Khair Eddin Sabri

doi:10.1109/ICCA56443.2022.10039611

Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review

Mohammad Qbea'h, Saed Alrabaee, Mohammad Alshraideh, Khair Eddin Sabri

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.

Original language	English
Title of host publication	Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings
Editors	Jihad M. Alja'Am, Soumaya AlMaadeed, Samir Abou Elseoud, Omar Karam
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665452946
DOIs	https://doi.org/10.1109/ICCA56443.2022.10039611
Publication status	Published - 2022
Event	4th International Conference on Computer and Applications, ICCA 2022 - Cairo, Egypt Duration: Dec 20 2022 → Dec 22 2022

Publication series

Name	Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings

Conference

Conference	4th International Conference on Computer and Applications, ICCA 2022
Country/Territory	Egypt
City	Cairo
Period	12/20/22 → 12/22/22

Keywords

application security
cybersecurity
data security
malicious code
mobile security
review
sql injection attack
sqlia
vulnerability
web security

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Computer Science Applications
Computer Vision and Pattern Recognition
Information Systems
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ICCA56443.2022.10039611

Cite this

Qbea'h, M., Alrabaee, S., Alshraideh, M., & Sabri, K. E. (2022). Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review. In J. M. Alja'Am, S. AlMaadeed, S. A. Elseoud, & O. Karam (Eds.), Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings (Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCA56443.2022.10039611

Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review. / Qbea'h, Mohammad ; Alrabaee, Saed; Alshraideh, Mohammad et al.
Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings. ed. / Jihad M. Alja'Am; Soumaya AlMaadeed; Samir Abou Elseoud; Omar Karam. Institute of Electrical and Electronics Engineers Inc., 2022. (Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Qbea'h, M , Alrabaee, S, Alshraideh, M & Sabri, KE 2022, Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review. in JM Alja'Am, S AlMaadeed, SA Elseoud & O Karam (eds), Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings. Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 4th International Conference on Computer and Applications, ICCA 2022, Cairo, Egypt, 12/20/22. https://doi.org/10.1109/ICCA56443.2022.10039611

Qbea'h M , Alrabaee S, Alshraideh M, Sabri KE. Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review. In Alja'Am JM, AlMaadeed S, Elseoud SA, Karam O, editors, Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2022. (Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings). doi: 10.1109/ICCA56443.2022.10039611

Qbea'h, Mohammad ; Alrabaee, Saed ; Alshraideh, Mohammad et al. / Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive : A Review. Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings. editor / Jihad M. Alja'Am ; Soumaya AlMaadeed ; Samir Abou Elseoud ; Omar Karam. Institute of Electrical and Electronics Engineers Inc., 2022. (Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings).

@inproceedings{86136c5215d74fa28829cd57c82d416f,

title = "Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review",

abstract = "A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.",

keywords = "application security, cybersecurity, data security, malicious code, mobile security, review, sql injection attack, sqlia, vulnerability, web security",

author = "Mohammad Qbea'h and Saed Alrabaee and Mohammad Alshraideh and Sabri, {Khair Eddin}",

note = "Funding Information: ACKNOWLEDGMENT We are grateful to the anonymous reviewers for their comments and suggestions. The second author is partially supported by the United Arab Emirates University Grant 12R143. Publisher Copyright: {\textcopyright} 2022 IEEE.; 4th International Conference on Computer and Applications, ICCA 2022 ; Conference date: 20-12-2022 Through 22-12-2022",

year = "2022",

doi = "10.1109/ICCA56443.2022.10039611",

language = "English",

series = "Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Alja'Am, {Jihad M.} and Soumaya AlMaadeed and Elseoud, {Samir Abou} and Omar Karam",

booktitle = "Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings",

}

TY - GEN

T1 - Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive

T2 - 4th International Conference on Computer and Applications, ICCA 2022

AU - Qbea'h, Mohammad

AU - Alrabaee, Saed

AU - Alshraideh, Mohammad

AU - Sabri, Khair Eddin

N1 - Funding Information: ACKNOWLEDGMENT We are grateful to the anonymous reviewers for their comments and suggestions. The second author is partially supported by the United Arab Emirates University Grant 12R143. Publisher Copyright: © 2022 IEEE.

PY - 2022

Y1 - 2022

N2 - A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.

AB - A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.

KW - application security

KW - cybersecurity

KW - data security

KW - malicious code

KW - mobile security

KW - review

KW - sql injection attack

KW - sqlia

KW - vulnerability

KW - web security

UR - http://www.scopus.com/inward/record.url?scp=85149335488&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85149335488&partnerID=8YFLogxK

U2 - 10.1109/ICCA56443.2022.10039611

DO - 10.1109/ICCA56443.2022.10039611

M3 - Conference contribution

AN - SCOPUS:85149335488

T3 - Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings

BT - Proceedings of the International Conference on Computer and Applications, ICCA 2022 - Proceedings

A2 - Alja'Am, Jihad M.

A2 - AlMaadeed, Soumaya

A2 - Elseoud, Samir Abou

A2 - Karam, Omar

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 December 2022 through 22 December 2022

ER -

Diverse Approaches Have Been Presented To Mitigate SQL Injection Attack, But It Is Still Alive: A Review

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this