Title: A survey on SQL injection attacks, detection and prevention techniques - a tertiary study

Authors: María Hallo; Gabriela Suntaxi

Addresses: Department of Computer Science, Escuela Politécnica Nacional, Quito, Ecuador; Department of Computer Science, Escuela Politécnica Nacional, Quito, Ecuador

Abstract: This paper presents a tertiary systematic literature review of SQL injection attacks based on previous secondary systematic literature reviews and systematic mappings. We identify the main observations (what we know) and challenges (what we do not know) on SQL injection attacks. We perform this tertiary review using six scientific databases. Based on a rigorous search process, we consider in our study 11 secondary studies published in the last decade. We define six research questions that help us determine the current state of the art in SQL injection attacks. We organise the main observations and challenges into definitions, most common research topics related to SQL injection attacks, detection and prevention techniques, and limitations of the studies. Finally, we identify open issues that could guide future research work.

Keywords: SQL injection attacks; SQLIA; SQL injection detection techniques; SQL injection prevention techniques.

DOI: 10.1504/IJSN.2022.125514

International Journal of Security and Networks, 2022 Vol.17 No.3, pp.193 - 202

Received: 10 Jul 2021
Accepted: 19 Jul 2021

Published online: 13 Sep 2022
