International Journal of Scientific & Technology Research

Home About Us Scope Editorial Board Blog/Latest News Contact Us
10th percentile
Powered by  Scopus
Scopus coverage:
Nov 2018 to May 2020


IJSTR >> Volume 8 - Issue 1, January 2019 Edition

International Journal of Scientific & Technology Research  
International Journal of Scientific & Technology Research

Website: http://www.ijstr.org

ISSN 2277-8616

SQL Injection Attacks: Detection And Prevention Techniques

[Full Text]



Raniah Alsahafi



Databases Detection System, legitimate query, malicious inputs, SQL injection attack, Prevention Techniques, Vulnerabilities



Database driven web application are vulnerable to SQL Injection Attacks which try to access the sensitive data directly. They work by injecting malicious SQL codes through the web application and cause unexpected behavior from the database. There are different Techniques that have been proposed by researchers to prevent or detect these type of attacks. This paper has presented most of all proposed methods and tools to detect SQL injection attack. Finally, a comparison between those methodology has been presented and analyzed.



[1] W. Halfond, A. Orso, “AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks,” The 20th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 174–183, 2005.

[2] Y. Kosuga, K. Kono, M. Hanaoka, “Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection,” The 23rd Annual Computer Security Applications Conference, 107- 116.

[3] S. W. Boyd, A. D. Keromytis,” SQLrand: Preventing SQL Injection Attacks”, The 2nd Applied Cryptography and Network Security (ACNS) Conference, pp 292–302, June 2004.

[4] K. Kemalis, T. Tzouramanis, “SQL-IDS: A Specification-based Approach for SQL-Injection Detection”, The 2008 ACM symposium on Applied computing, March 2008.

[5] S.Y. Lee, W.L. Low, P.Y. Wong, “Learning Fingerprints for a Database Intrusion Detection System”.

[6] X. Fu, X. Lu, B. Peltsverger, Sh. Chen, K. Qian, L. Tao, “A Static Analysis Framework For Detecting SQL Injection Vulnerabilities”, compsac, vol. 1, pp.87-96, 2007 31st Annual International Computer Software and Applications Conference, 2007.

[7] Z. Su, G. Wassermann,” The Essence of Command Injection Attacks in Web Applications”, The 33rd Annual Symposium on Principles of Programming Languages (POPL 2006), Jan. 2006.

[8] Liu, A., Yuan, Y., Wijesekera, D. Stavrou, A., “SQLProb: a proxy-based architecture towards preventing SQL injection attacks”, 2009.

[9] D.Mitropoulos, D. Spinellis “SDriver: Location-specific signatures prevent SQL injection attacks”, Computers and Security 28, 121–129, 2009.

[10] A.Ciampa, C.A .Visaggio, M. D. Penta, “A heuristic-based approach for detecting SQL-injection”, Proceedings of the 2010 ICSE,2010.