Title: An old risk in the new era: SQL injection in cloud environment

Authors: Fu Xiao; Wang Zhijian; Wang Meiling; Chen Ning; Zhu Yue; Zhang Lei; Wang Pei; Cao Xiaoning

Addresses: Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China ' Jiangsu Province Hydrology and Water Resources Investigation Bureau, Hohai University, Nanjing, Jiangsu, China

Abstract: After haunting all the software engineers for more than 26 years since it was discovered and classified in 2002, SQL injection still poses a most serious threat to developers, maintainers and users of web applications even into the brand new cloud era. SaaS, PaaS and IaaS virtualisation technologies which are widely used by cloud computing seemed to fail the enhancement of security against such an attack. We strive to study the mechanism and principles of SQL injection attack in order to help the information security personnel to understand and manage such risks.

Keywords: SQL injection; virtualisation; SaaS; PaaS; cloud computing.

DOI: 10.1504/IJGUC.2021.112474

International Journal of Grid and Utility Computing, 2021 Vol.12 No.1, pp.43 - 54

Received: 26 Apr 2019
Accepted: 26 Dec 2019
Published online: 19 Jan 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article