Critical issue to consider while developing SQL injection prevention mechanism

SQL injection vulnerability is the one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack to gain access to restricted data, bypass authentication mechanism and execute unauthorized data manipulation language. Defensive coding is the simple and aff...

Full description

Saved in:
Bibliographic Details
Main Authors: Aliero, Muhammad Saidu, Ghani, Imran, Khan, Muhammad Murad, Nkima, L. H.
Format: Conference or Workshop Item
Language:English
Published: 2015
Subjects:
Online Access:http://eprints.utm.my/id/eprint/63436/1/ImranGhani2015_CriticalIssuetoConsiderWhileDeveloping.pdf
http://eprints.utm.my/id/eprint/63436/
http://www.icsess.utm.my/download/ICSESS_2015_Book_of_Extended_Abstracts.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:SQL injection vulnerability is the one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack to gain access to restricted data, bypass authentication mechanism and execute unauthorized data manipulation language. Defensive coding is the simple and affordable way to tackle this problem, by applying secure coding in each an every queries used in application. In this paper we provide a detailed background of SQLI attack, we classify defensive coding into different categories, review existing techniques that are related to each technique, and also evaluate such techniques based on number of attacks they were able to stop.We also evaluated each category of approach based on it's deployment requirement related to inheritance. Currently, to the best of our knowledge no papers have classied defensive coding as we do.