Title: Investigation framework of web applications vulnerabilities, attacks and protection techniques in structured query language injection attacks
Authors: Nabeel Salih Ali
Addresses: Information Technology Research and Development Centre, University of Kufa, AL-Najaf, Al-Kufa St, Iraq
Abstract: Web security has become a great challenge in recent years. Structured Query Language Injection Attack (SQLIA) is a prevalent and dominant class of serious web application attacks. An attacker can easily gain illegal access to the underlying database of a web application, thereby gaining full control of the system and causing losses of millions of dollars for corporations. In this paper, we provide a comprehensive study of web applications and investigate their vulnerabilities, attacks, and protection techniques against SQLIAs. The study presents a taxonomy of the SQLIA investigation framework, conducts a detailed review of previous SQLI attack protection techniques, and gives a summary and critical analysis (strengths and weaknesses) of the detection and prevention techniques that have been developed to address such attacks. Finally, it highlights the critical directions and protection approaches that require more study by future researchers.
Keywords: web security; SQLIA; web attacks; web applications; investigation framework; SQL injection; protection techniques; detection; SQLI prevention; web vulnerabilities; techniques; protection; XSS; defensive approaches; security attacks.
DOI: 10.1504/IJWMC.2018.091137
International Journal of Wireless and Mobile Computing, 2018 Vol.14 No.2, pp.103 - 122
Received: 10 Jun 2017
Accepted: 06 Dec 2017
Published online: 11 Apr 2018