Please use this identifier to cite or link to this item: http://repository.futminna.edu.ng:8080/jspui/handle/123456789/28693
Title: Classification of Sql Injection Detection And Prevention Measure
Authors: Atiku, Mustapha
Saidu Aliero, Muhammad
Aliyu Ardo, Abdulhamid
Ghani, Imran
Keywords: SQL Injection, Defensive Coding, Injection Parameter, SQLI vulnerability.
Issue Date: Feb-2016
Publisher: IOSR Journal of Engineering
Citation: Aliero, M. S., Ardo, A. A., Ghani, I., & Atiku, M. (2016). Classification of Sql Injection Detection And Prevention Measure. IOSR Journal of Engineering, 6(02).
Series/Report no.: Volume 6;Issue 2
Abstract: SQL injection vulnerability is one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack to gain access to restricted data, bypass authentication mechanisms, and execute unauthorized data manipulation language. Defensive coding is a simple and affordable way to tackle this problem; however, there are some issues regarding the use of defensive coding which make the system ineffective, less resistant and less resilient to attack. In this paper we provide a detailed background of SQLIA (SQL Injection Attack), classify defensive coding into different categories, review existing techniques that are related to each technique, state the strengths and weaknesses of such techniques, evaluate such techniques based on the number of attacks they were able to stop, and evaluate each category of approach based on its deployment requirements related to inheritance. The goal of this paper is to provide programmers with common issues that need to be considered before choosing a particular technique and to raise awareness of issues related to such techniques, as many of those techniques were not meant for the purpose of protection against SQLIA. In addition, we hope to assist researchers by shedding light on how to develop good SQLI (SQL Injection) protection tools, as most of the SQLI protection tools were developed using a combination of two or more defensive coding techniques. Lastly, we provide recommendations on how to avoid such issues.
URI: http://repository.futminna.edu.ng:8080/jspui/handle/123456789/28693
ISSN: ISSN (e): 2250-3021
Appears in Collections: Information and Media Technology

Files in This Item:
File | Description | Size | Format
SQL INJECTION.pdf | JOURNAL | 230.93 kB | Adobe PDF

