A Taxonomy of SQL Injection Defense Techniques
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2011 (English). Independent thesis, Advanced level (degree of Master (Two Years)). Student thesis.
Abstract [en]

Context: SQL injection attacks (SQLIA) pose a serious security threat to web applications by allowing attackers to gain unhindered access to the underlying databases, which may hold sensitive information. Many methods and techniques have been proposed by researchers and practitioners to mitigate the SQL injection problem. However, deploying those methods and techniques without a clear understanding of them can induce a false sense of security. A classification of such techniques would be a great help in avoiding that false sense of security.

Objectives: This paper focuses on classifying such techniques by building a taxonomy of SQL injection defense techniques.

Methods: A systematic literature review (SLR) was conducted using five reputable and widely used e-databases: IEEE, ACM, Engineering Village (Inspec/Compendex), ISI Web of Science and Scopus.

Results: 61 defense techniques were found, and a taxonomy of SQL injection defense techniques was built from them. The taxonomy consists of several dimensions, which can be grouped under two higher-order terms: detection method and evaluation criteria.

Conclusion: The taxonomy provides a basis for comparing different defense techniques. Organizations can use the taxonomy to choose suitable ones depending on their available resources and environments. Moreover, this classification points towards a number of future research directions in the field of SQL injection.

Place, publisher, year, edition, pages
2011, 134 p.
Keyword [en]
SQL injection, Defense technique, Taxonomy, Security, Web application
National Category
Computer Science; Software Engineering
URN: urn:nbn:se:bth-3076
Local ID: diva2:830374
0760880470, 0700183408
Available from: 2015-04-22
Created: 2011-09-19
Last updated: 2015-06-30
Bibliographically approved

Open Access in DiVA

fulltext (392 kB), 240 downloads
File information
File name: FULLTEXT01.pdf
File size: 392 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf
