Securing Web Applications against Structured Query Language Injection Attacks using a Hybrid Approach: Input Filtering and Web Application Firewall
Author(s) - Francis Kyalo, Calvins Otieno, Dennis Njagi
Publication year - 2018
Publication title - International Journal of Computer Applications
Language(s) - English
Resource type - Journals
ISSN - 0975-8887
DOI - 10.5120/ijca2018917666
Subject(s) - computer science, firewall (physics), web application, world wide web, application firewall, information retrieval, computer security, stateful firewall, network packet, schwarzschild radius, classical mechanics, gravitation, physics, charged black hole
SQL injection is a type of attack used to gain, manipulate, or delete information in any data-driven system, regardless of whether the system is online or offline and whether it is web-based or non-web-based. A common approach for an attacker to launch an SQL injection attack (SQLIA) is to modify the user input to contain partial SQL queries and trick the server into executing them. In this paper, a literature review of SQL injection attacks and their mitigation is presented. It shows that the study of SQL injection in general has been conducted in a diverse range of areas. The main objective of this paper is to give an elaborate study of the different types of SQL injection, their mitigation strategies, critiques of past approaches and, finally, the knowledge gap. It seeks to create knowledge on work done by others in the area of SQL injection attacks in web applications, which remain a threat to date despite the numerous studies done in the same field.