Title: A comparative analysis and performance evaluation of web application protection techniques against injection attacks

Authors: Nabeel Salih Ali; Abdul Samad Bin Shibghatullah; Ahmed Hazim Alhilali; Salam Al-Khammasi; Mohammed Falih Kadhim; Hayder K. Fatlawi

Addresses: Information Technology Research and Development Centre (ITRDC), University of Kufa, P.O. Box (21), Najaf Governorate, Iraq; School of Information Technology, Faculty of Business and Information Science (FoBIS), UCSI University, Kuala Lumpur, Malaysia; Information Technology Research and Development Centre, University of Kufa, P.O. Box (21), Najaf Governorate, Iraq; Information Technology Research and Development Centre, University of Kufa, P.O. Box (21), Najaf Governorate, Iraq; Information Technology Research and Development Centre, University of Kufa, P.O. Box (21), Najaf Governorate, Iraq; Information Technology Research and Development Centre, University of Kufa, P.O. Box (21), Najaf Governorate, Iraq

Abstract: Nowadays, most animation activities are based on internet-enabled applications. However, the majority of web developers have ignored the privacy and security aspects of each application, turning them into attractive targets for security issues and therefore increasing attackers' interest. The structured query language injection attack (SQLIA) is the prevalent and dominant type of severe web application attack. This paper provides a comparative study of web application protection techniques and evaluates their performance against SQLIA through: a detailed review of the various SQLIAs previously detected and prevented by protection techniques; a summary and critical analysis of the defensive techniques proposed to address such attacks; and a performance comparison of the different protective approaches, using performance metrics to identify efficient and high-performance techniques. Finally, the paper highlights the critical directions and protection approaches that require more study in future research.

Keywords: web applications; structured query language injection; SQLI; protection techniques; performance evaluation; web attacks; defensive approaches; defensive tools; injection; web security; protective methods; injection attacks; high-performance.

DOI: 10.1504/IJMC.2020.105855

International Journal of Mobile Communications, 2020 Vol.18 No.2, pp.196 - 228

Received: 05 Mar 2018
Accepted: 18 Oct 2018

Published online: 16 Mar 2020
