A Taxonomy of SQL Injection Defense Techniques
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2011 (English). Independent thesis, Advanced level (degree of Master (Two Years)). Student thesis.
Abstract [en]

Context: SQL injection attack (SQLIA) poses a serious security threat to web applications by allowing attackers to gain unhindered access to the underlying databases containing potentially sensitive information. Many methods and techniques have been proposed by researchers and practitioners to mitigate the SQL injection problem. However, deploying those methods and techniques without a clear understanding can induce a false sense of security. A classification of such techniques would help to dispel that false sense of security.

Objectives: This paper focuses on classifying such techniques by building a taxonomy of SQL injection defense techniques.

Methods: A systematic literature review (SLR) is conducted using five reputable and familiar e-databases: IEEE, ACM, Engineering Village (Inspec/Compendex), ISI Web of Science and Scopus.

Results: 61 defense techniques are found and, based on these techniques, a taxonomy of SQL injection defense techniques is built. Our taxonomy consists of various dimensions which can be grouped under two higher-order terms: detection method and evaluation criteria.

Conclusion: The taxonomy provides a basis for comparison among different defense techniques. Organizations can use our taxonomy to choose suitable ones depending on their available resources and environments. Moreover, this classification can lead towards a number of future research directions in the field of SQL injection.

Place, publisher, year, edition, pages
2011. p. 134
Keywords [en]
SQL injection, Defense technique, Taxonomy, Security, Web application
National Category
Computer Sciences; Software Engineering
Identifiers
URN: urn:nbn:se:bth-3076
Local ID: oai:bth.se:arkivexEA9BF9A2FF46C03FC125791000524C45
OAI: oai:DiVA.org:bth-3076
DiVA, id: diva2:830374
Uppsok
Technology
Supervisors
Note
0760880470, 0700183408
Available from: 2015-04-22. Created: 2011-09-19. Last updated: 2018-01-11. Bibliographically approved.

Open Access in DiVA

fulltext (392 kB), 4211 downloads
File information
File name: FULLTEXT01.pdf
File size: 392 kB
Checksum SHA-512:
9a347f34054756bedda1708d9f0a14493be4d63e1e5bd0de179d22071d89c577bccf7296d7932f75890c33b149aa626834be296640e477b86c459e605ea0b4d1
Type: fulltext
Mimetype: application/pdf

Total: 4212 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 716 hits