Title: A survey: on detection and prevention techniques of SQL injection attacks

Authors: Anwesha Kashyap; Angshuman Jana

Addresses: Department of Computer Science and Engineering, Indian Institute of Information Technology Guwahati, Assam, India; Department of Computer Science and Engineering, Indian Institute of Information Technology Guwahati, Assam, India

Abstract: We are constantly exposed to the extensive usage of online applications in our daily lives. The web application's backend uses database technology that stores and processes sensitive data. One of the primary concerns of a web application in terms of data security is to safeguard sensitive data in the database. SQL injection attacks (SQLIA) are one of the most serious security concerns of web applications. An Akamai report suggests that SQLIAs accounted for more than 72% of all web application security attacks in the last five years. Therefore, SQLIA is one of the most severe attacks used against database-driven web applications, which compromises data privacy. It is a code injection type attack where an attacker injects malicious SQL queries to get unauthorised access to the database. Several research proposals have been published to address these security threats. In this paper, we first provide the current state-of-the-art on SQLIA and a comprehensive analysis of SQLIA vulnerabilities, detection and prevention strategies in the literature, as well as a complete comparative evaluation of the various existing methodologies.

Keywords: data security; database program; SQL injection attacks.

DOI: 10.1504/IJICS.2025.146528

International Journal of Information and Computer Security, 2025 Vol.26 No.4, pp.332 - 371

Accepted: 30 Jun 2024
Published online: 02 Jun 2025
