SQL Injection Attack: Quick View
Vugar Abdullayev,Dr. Alok Singh Chauhan +1 more
- 14 Feb 2023
pp 30-34
TL;DR: A comprehensive and systematic review of the existing methods for preventing and detecting SQL injection attacks is presented in this paper, which covers a range of techniques, including input validation, parameterized queries, and intrusion detection systems, as well as the advantages and disadvantages of each method.
Abstract: SQL injection is a type of security vulnerability that occurs in database-driven web applications where an attacker injects malicious code into the application to gain unauthorized access to sensitive information. This paper aims to provide a comprehensive and systematic review of the existing methods for preventing and detecting SQL injection attacks. The review covers a range of techniques, including input validation, parameterized queries, and intrusion detection systems, as well as the advantages and disadvantages of each method. The most common prevention techniques include input validation, parameterized queries, and stored procedures, while the most common detection techniques include intrusion detection systems (IDS), honeypots, and signature-based detection. The choice of method will depend on the specific requirements of the organization and the level of security required. Still, a combination of prevention and detection methods is likely to be the most effective way to secure web applications against SQL injection attacks. The paper concludes that SQL injection attacks continue to be a significant security threat to web applications, and it is essential for organizations to implement effective prevention and detection methods to secure their web applications against SQL injection attacks.
Citations
SecDAN: Prevention of Network Breaches in Defense Area Network Using Machine Learning Techniques
Atul Kumar,Ishu Sharma +1 more
- 01 Nov 2023
TL;DR: The suggested model takes a new approach by combining deep learning architectures and anomaly detection methods to detect both established and previously unexpected network intrusions, hence increasing the resistance against network breaches.
Cybersecurity for Sustainable Smart Healthcare: State of the Art, Taxonomy, Mechanisms, and Essential Roles
Guma Ali,Maad M. Mijwil +1 more
- 23 May 2024
TL;DR: Cybersecurity for Sustainable Smart Healthcare: The state-of-the-art review explores cybersecurity threats, mechanisms, and essential roles in smart healthcare systems.
Navigating the Cyber Threat Landscape: A Comprehensive Analysis of Attacks and Security in the Digital Age
Akinul Islam Jony,Sultanul Arifeen Hamim +1 more
- 10 Jan 2024
TL;DR: The study systematically categorizes cyber threats, scrutinizes their distinctive characteristics, and elucidates the modus operandi of each attack type, offering indispensable insights for securing the authors' digital future in an era marked by escalating interconnectivity and technological dependence.
Assessment of existing cyber-attack detection models for web-based systems
TL;DR: In this paper, the authors discuss the existing cyber-attack detection models and recommend the models and techniques that are appropriate for web-based systems, showing that deep learning techniques offer better performance and robustness compared to traditional machine learning techniques and other non-artificial intelligence-based techniques.
Methodology for Safeguarding Cloud Server from Web Application Attacks
Atul Kumar,Ishu Sharma +1 more
- 01 Nov 2023
TL;DR: A thorough methodology for protecting cloud servers from online application threats is described, which compares the performance of three common machine learning methods, namely Logistic Regression, Random Forest, and Decision Tree, in detecting and recalling probable attacks on the cloud server.
References
A Classification of SQL-Injection Attacks and Countermeasures
William G. J. Halfond,Jeremy Viegas,Alessandro Orso +2 more
- 01 Jan 2006
TL;DR: An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.
A Survey on Data-driven Network Intrusion Detection
Dylan Chou,Meng Jiang +1 more
TL;DR: Data-driven network intrusion detection (NID) has a tendency towards minority attack classes compared to normal traffic as mentioned in this paper, and many datasets are collected in simulated environments rather than real-world...
SQL injection attack detection in network flow data
Ignacio Samuel Crespo-Martínez,Adrián Campazas Vega,Ángel Manuel Guerrero-Higueras,Virginia Riego del Castillo,Claudia Álvarez-Aparicio,Camino Fernández-Llamas +5 more
Abstract: SQL injections rank in the OWASP Top 3. The literature shows that analyzing network datagrams allows for detecting or preventing such attacks. Unfortunately, such detection usually implies studying all packets flowing in a computer network. Therefore, routers in charge of routing significant traffic loads usually cannot apply the solutions proposed in the literature. This work demonstrates that detecting SQL injection attacks on flow data from lightweight protocols is possible. For this purpose, we gathered two datasets collecting flow data from several SQL injection attacks on the most popular database engines. After evaluating several machine learning-based algorithms, we get a detection rate of over 97% with a false alarm rate of less than 0.07% with a Logistic Regression-based model. © 2023 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license ( http://creativecommons.org/licenses/by-nc-nd/4.0/ )
Cyber attack evaluation dataset for deep packet inspection and analysis
TL;DR: In this article, the authors present a set of 10 computers connected to Router1 on VLAN1 in a Docker Bridge network that try to exploit each other, including browsing the web and downloading foreign packages including malicious ones, and services like File Transfer Protocol (FTP) and Secure Shell (SSH).
An Efficient Model to Detect and Prevent SQL Injection Attack
Abdalla Hadabi,Eltyeb Elsamani,Ali E. Abdallah,Rashad Elhabob +3 more
- 30 Mar 2022
TL;DR: A model to detect and prevent SQL injection attacks, which uses runtime validation to detect the occurrence of such attacks, is proposed. It is adaptable to any existing system, with no need to modify the client or server and no need to know the web application source code.