Please use this identifier to cite or link to this item:
http://ir.futminna.edu.ng:8080/jspui/handle/123456789/28693
Title: | Classification of Sql Injection Detection And Prevention Measure |
Authors: | Atiku, Mustapha Saidu Aliero, Muhammad Aliyu Ardo, Abdulhamid Ghani, Imran |
Keywords: | SQL Injection, Defensive Coding, Injection Parameter, SQLI vulnerability. |
Issue Date: | Feb-2016 |
Publisher: | IOSR Journal of Engineering |
Citation: | Aliero, M. S., Ardo, A. A., Ghani, I., & Atiku, M. (2016). Classification of Sql Injection Detection And Prevention Measure. IOSR Journal of Engineering, 6(02). |
Series/Report no.: | Volume 6;Issue 2 |
Abstract: | : SQL injection vulnerability is the one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack to gain access to restricted data, bypass authentication mechanism, and execute unauthorized data manipulation language. Defensive coding is a simple and affordable way to tackle this problem, however there are some issue regarding use of defensive coding which makes the system in effective, less resistant and resilience to attack. In this paper we provide detailed background of SQLIA (SQL Injection Attack), classified defensive coding to different categories, reviewed existing technique that are related to each techniques, state strength and weakness of such technique, evaluate such technique based on number of attacks they were able to stop and evaluate each category of approach based on its deployment requirements related to inheritance. The goal of this paper is to provide programmers with common issues that need to be considered before choosing a particular technique and to raise awareness of issues related to such techniques as many of those techniques were not meant for the purpose of protection of SQLIA. In addition, we hope to provide researchers by shedding light on how to develop good SQLI (SQL Injection) protection tools as most of the SQLI protection tools were developed using combination a of two or more defensive coding techniques. Lastly we provide recommendations on to avoid such issues. |
URI: | http://repository.futminna.edu.ng:8080/jspui/handle/123456789/28693 |
ISSN: | ISSN (e): 2250-3021 |
Appears in Collections: | Information and Media Technology |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
SQL INJECTION.pdf | JOURNAL | 230.93 kB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.