A Taxonomy of SQL Injection Defense Techniques
Independent thesis, Advanced level (degree of Master (Two Years)), Student thesis
Context: SQL injection attack (SQLIA) poses a serious security threat to web applications by allowing attackers to gain unhindered access to the underlying databases, which may contain sensitive information. Many methods and techniques have been proposed by researchers and practitioners to mitigate the SQL injection problem. However, deploying those methods and techniques without a clear understanding of them can induce a false sense of security. Classifying such techniques would greatly help to dispel that false sense of security. Objectives: This paper focuses on classifying such techniques by building a taxonomy of SQL injection defense techniques. Methods: A systematic literature review (SLR) is conducted using five reputed and familiar e-databases: IEEE, ACM, Engineering Village (Inspec/Compendex), ISI Web of Science and Scopus. Results: 61 defense techniques are found, and based on these techniques a taxonomy of SQL injection defense techniques is built. Our taxonomy consists of various dimensions which can be grouped under two higher-order terms: detection method and evaluation criteria. Conclusion: The taxonomy provides a basis for comparison among different defense techniques. Organizations can use our taxonomy to choose suitable techniques depending on their available resources and environments. Moreover, this classification can point towards a number of future research directions in the field of SQL injection.
Place, publisher, year, edition, pages: 2011, 134 p.
Keywords: SQL injection, Defense technique, Taxonomy, Security, Web application
Subject categories: Computer Science, Software Engineering
Identifiers: URN: urn:nbn:se:bth-3076; Local ID: oai:bth.se:arkivexEA9BF9A2FF46C03FC125791000524C45; OAI: oai:DiVA.org:bth-3076; DiVA: diva2:830374
Axelsson, Dr. Stefan
0760880470, 0700183408; 2015-04-22; 2011-09-19; 2015-06-30; Bibliographically approved