This is an outdated version published on 2013-06-14.

A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies

Authors

  • Diallo Abdoulaye Kindy
  • Al-Sakib Khan Pathan, International Islamic University Malaysia (IIUM)

DOI:

https://doi.org/10.17762/ijcnis.v5i2.364

Abstract

In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through very rapid growth in recent years, and their adoption is moving faster than was expected a few years ago. Nowadays, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which leaves them vulnerable to compromise. In most scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note future expectations and possible developments of countermeasures against SQL injection attacks.

Author Biography

Al-Sakib Khan Pathan, International Islamic University Malaysia (IIUM)

Al-Sakib Khan Pathan received his Ph.D. degree in Computer Engineering in 2009 from Kyung Hee University, South Korea. He received his B.Sc. degree in Computer Science and Information Technology from the Islamic University of Technology (IUT), Bangladesh, in 2003. He is currently an Assistant Professor in the Computer Science department at International Islamic University Malaysia (IIUM), Malaysia. Until June 2010, he served as an Assistant Professor in the Computer Science and Engineering department at BRAC University, Bangladesh. Prior to holding this position, he worked as a Researcher at the Networking Lab, Kyung Hee University, South Korea, until August 2009. His research interests include wireless sensor networks, network security, and e-services technologies. He is a recipient of several awards and best paper awards and has several publications in these areas. He has served as a Chair, Organizing Committee Member, and Technical Program Committee member in numerous international conferences and workshops such as HPCS, ICA3PP, IWCMC, VTC, HPCC, IDCS, etc. He is currently serving as the Editor-in-Chief of IJIDCS, an Area Editor of IJCNIS, Associate Editor of IASTED/ACTA Press IJCA and CCS, Guest Editor of some special issues of top-ranked journals, and Editor/Author of four published books. He also serves as a referee for several renowned journals such as IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), IEEE Transactions on Vehicular Technology (IEEE TVT), IEEE Communications Letters, Journal of Communications and Networks (JCN), Elsevier’s Computer Communications, Computer Standards and Interfaces, IOS Press JHSN, EURASIP JWCN, etc. He is a member of the Institute of Electrical and Electronics Engineers (IEEE), USA; the IEEE ComSoc Bangladesh Chapter; and several other international organizations.

Published

2013-06-14

How to Cite

Kindy, D. A., & Pathan, A.-S. K. (2013). A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies. International Journal of Communication Networks and Information Security (IJCNIS), 5(2). https://doi.org/10.17762/ijcnis.v5i2.364

Section

Surveys / Reviews