文章基本信息

标题：A Literature Review and Comparative Analyses on SQL Injection: Vulnerabilities, Attacks and their Prevention and Detection Techniques
本地全文：下载
作者：Bojken Shehu ; Aleksander Xhuvani
期刊名称：International Journal of Computer Science Issues
印刷版ISSN：1694-0784
电子版ISSN：1694-0814
出版年度：2014
卷号：11
期号：4
出版社：IJCSI Press
摘要：SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The attack takes advantage of poor input validation in code and website administration. It allows attackers to obtain unauthorized access to the back-and database to change the intended application generated SQL queries. Researchers have proposed various solutions to address SQL injection problems. However, many of them have limitations and often cannot address all kind of injection problems. Whats more, new types of SQL injection attacks have arisen over the years. To better counter these attacks, identifying and understanding existing techniques are very important. In this research we present all SQL injection attack types and also different techniques and tools which can detect or prevent these attacks.
关键词：SQL injection attacks; Web application security; prevention; detection.