Authors : M. A. Lawal, Abu Bakar Md. Sultan and Ayanloye O. Shakiru
Abstract: SQL injection attack is a common threat to web applications that utilizes poor input validation to implement attack on a target database. It is becoming a very serious problem in web applications as successful execution leads to loss of integrity and confidentiality and this makes it a very sensitive issue of software security. The study presents a Systematic Literature Review (SLR) on SQL Injection Attacks (SQLIA) following Kitchenham's procedure of performing systematic literature review. This study gives a review on SQL injection attack, detection and prevention techniques. In the end, an evaluation of the techniques is carried out to check the effectiveness of each technique based on how many method of attack it can detect and prevent. It is imperative to note that a good number of the evaluated techniques were able to detect and prevent all types of SQLIA based on the selected criteria. To determine the best technique resources such as memory and processing time need to be considered in the evaluation.
M. A. Lawal, Abu Bakar Md. Sultan and Ayanloye O. Shakiru, 2016. Systematic Literature Review on SQL Injection Attack. International Journal of Soft Computing, 11: 26-35.