SQL注入攻击-系统回顾

Int. J. Inf. Comput. Secur. Pub Date : 2019-08-27 DOI:10.1504/ijics.2019.10023476

Kirti Sharma, Shobha Bhatt

{"title":"SQL注入攻击-系统回顾","authors":"Kirti Sharma, Shobha Bhatt","doi":"10.1504/ijics.2019.10023476","DOIUrl":null,"url":null,"abstract":"In today's era, each and every person is utilising websites and so many different web applications for online administrations, for example: booking of railway tickets, movie ticketing, shopping, communication and so forth. These websites consists sensitive and confidential information. With the linearity of web applications in the last decade, the unconstructive crash of security has also matured either. SQL injection attack is one such attack where the anonymous user can append SQL code to input query. This research paper starts with developing criteria for systematic literature review based on research questions, quality assessment and data samples. The paper presents various SQL injection techniques with their intended attacks. Further studies explore different techniques to prevent attacks. Tabular representation of quality evaluation criteria was presented with grades. Lastly, different research questions and solutions were provided related to SQL injection attacks.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"SQL injection attacks - a systematic review\",\"authors\":\"Kirti Sharma, Shobha Bhatt\",\"doi\":\"10.1504/ijics.2019.10023476\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In today's era, each and every person is utilising websites and so many different web applications for online administrations, for example: booking of railway tickets, movie ticketing, shopping, communication and so forth. These websites consists sensitive and confidential information. With the linearity of web applications in the last decade, the unconstructive crash of security has also matured either. SQL injection attack is one such attack where the anonymous user can append SQL code to input query. This research paper starts with developing criteria for systematic literature review based on research questions, quality assessment and data samples. The paper presents various SQL injection techniques with their intended attacks. Further studies explore different techniques to prevent attacks. Tabular representation of quality evaluation criteria was presented with grades. Lastly, different research questions and solutions were provided related to SQL injection attacks.\",\"PeriodicalId\":164016,\"journal\":{\"name\":\"Int. J. Inf. Comput. Secur.\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Inf. Comput. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/ijics.2019.10023476\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Inf. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijics.2019.10023476","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

在当今时代，每个人都在利用网站和许多不同的网络应用程序进行在线管理，例如:预订火车票，电影票，购物，通信等等。这些网站包含敏感和机密信息。随着过去十年web应用程序的线性化，非建设性的安全崩溃也成熟了。SQL注入攻击是匿名用户在输入查询时附加SQL代码的一种攻击。本研究首先从研究问题、质量评估和数据样本出发，制定系统文献综述的标准。本文介绍了各种SQL注入技术及其攻击目标。进一步的研究探索不同的技术来防止攻击。质量评价标准的表格表示以等级表示。最后，针对SQL注入攻击提出了不同的研究问题和解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SQL injection attacks - a systematic review

In today's era, each and every person is utilising websites and so many different web applications for online administrations, for example: booking of railway tickets, movie ticketing, shopping, communication and so forth. These websites consists sensitive and confidential information. With the linearity of web applications in the last decade, the unconstructive crash of security has also matured either. SQL injection attack is one such attack where the anonymous user can append SQL code to input query. This research paper starts with developing criteria for systematic literature review based on research questions, quality assessment and data samples. The paper presents various SQL injection techniques with their intended attacks. Further studies explore different techniques to prevent attacks. Tabular representation of quality evaluation criteria was presented with grades. Lastly, different research questions and solutions were provided related to SQL injection attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Inf. Comput. Secur.

自引率

0.00%

发文量