Mohammed Nasereddin, Ashaar ALKhamaiseh, Malik Qasaimeh, Raad S. Al-Qassas
{"title":"一个系统的审查检测和预防技术的SQL注入攻击","authors":"Mohammed Nasereddin, Ashaar ALKhamaiseh, Malik Qasaimeh, Raad S. Al-Qassas","doi":"10.1080/19393555.2021.1995537","DOIUrl":null,"url":null,"abstract":"ABSTRACT SQL injection is a type of database-targeted attack for data-driven applications. It is performed by inserting malicious code in the SQL query to alter and modify its meaning, enabling the attacker to retrieve sensitive data or to access the database. Many techniques have been improved and proposed to detect and mitigate these types of attacks. This paper provides a systematic review for a pool of 60 papers on web applications’ SQL injection detection methods. The pool was selected using a developed searching and filtering methodology for the existing literature based on scholar databases (IEEE, ScienceDirect, and Springer) with the aim to provide specific answering for several research questions in the area of SQL injection detection. This provides a basis for the design and use of effective SQL injection detection methods.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"A systematic review of detection and prevention techniques of SQL injection attacks\",\"authors\":\"Mohammed Nasereddin, Ashaar ALKhamaiseh, Malik Qasaimeh, Raad S. Al-Qassas\",\"doi\":\"10.1080/19393555.2021.1995537\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT SQL injection is a type of database-targeted attack for data-driven applications. It is performed by inserting malicious code in the SQL query to alter and modify its meaning, enabling the attacker to retrieve sensitive data or to access the database. Many techniques have been improved and proposed to detect and mitigate these types of attacks. This paper provides a systematic review for a pool of 60 papers on web applications’ SQL injection detection methods. The pool was selected using a developed searching and filtering methodology for the existing literature based on scholar databases (IEEE, ScienceDirect, and Springer) with the aim to provide specific answering for several research questions in the area of SQL injection detection. This provides a basis for the design and use of effective SQL injection detection methods.\",\"PeriodicalId\":103842,\"journal\":{\"name\":\"Information Security Journal: A Global Perspective\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Security Journal: A Global Perspective\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/19393555.2021.1995537\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Journal: A Global Perspective","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19393555.2021.1995537","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A systematic review of detection and prevention techniques of SQL injection attacks
ABSTRACT SQL injection is a type of database-targeted attack for data-driven applications. It is performed by inserting malicious code in the SQL query to alter and modify its meaning, enabling the attacker to retrieve sensitive data or to access the database. Many techniques have been improved and proposed to detect and mitigate these types of attacks. This paper provides a systematic review for a pool of 60 papers on web applications’ SQL injection detection methods. The pool was selected using a developed searching and filtering methodology for the existing literature based on scholar databases (IEEE, ScienceDirect, and Springer) with the aim to provide specific answering for several research questions in the area of SQL injection detection. This provides a basis for the design and use of effective SQL injection detection methods.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
