Website Security Analysis Against SQL Injection Attack: Systematic Review
Abstract
The growth of information technology has driven the massive adoption of websites across sectors, making them one of the main targets of cyberattacks. One of the most dangerous and most frequent attack types is SQL Injection, in which attacker-controlled input is concatenated into a database query so that it is executed as SQL rather than treated as data. This study analyzes the methods that have been applied to secure websites against SQL Injection through a systematic review. Seven scientific articles published between 2020 and 2025 were examined in depth, considering the methods used, the effectiveness of the protection, and the security gaps that remain. The results show that Web Application Firewalls (WAF), penetration-testing tools such as sqlmap and OWASP ZAP for finding injectable parameters, and input validation practices are the approaches most often reported as effective, with SSL/TLS and CAPTCHA as complementary controls that reduce exposure to automated attacks but do not by themselves remove an injection flaw. Nonetheless, the effectiveness of protection depends heavily on system configuration and on consistent implementation of the controls. Therefore, a multi-layered approach that combines secure technologies, security procedures, and secure software development practices is indispensable for building information systems that are resilient to SQL Injection threats.
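The injection mechanism and the defenses named in the abstract (keeping user data out of query syntax, and validating input where a parameter cannot be bound) can be seen side by side in the following added example. It is not code from the reviewed articles or from this study; it uses Python's built-in sqlite3 with a constructed in-memory users table, a classic tautology payload, and a hypothetical sort-column allowlist to show where validation is still needed once queries are parameterized.

```python
import sqlite3

# Constructed sample data: a toy users table with plaintext passwords,
# kept deliberately simple so the query behaviour is the only moving part.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Classic tautology payload (constructed for the demo).
PAYLOAD = "' OR '1'='1"

# Hypothetical allowlist for a column name supplied by the client.
ALLOWED_SORT = {"id", "username"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: the user's text becomes part of the SQL grammar.
    # With PAYLOAD as the password the WHERE clause reads
    #   username = 'alice' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches.
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    # Parameter binding: the driver sends the values separately from the
    # statement text, so the quote and OR in PAYLOAD are just characters.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def list_users_sorted(conn, sort_col):
    # Identifiers (column and table names) cannot be bound as parameters,
    # so this is where input validation against an allowlist is required.
    if sort_col not in ALLOWED_SORT:
        raise ValueError(f"unexpected sort column: {sort_col!r}")
    sql = f"SELECT username FROM users ORDER BY {sort_col}"
    return [row[0] for row in conn.execute(sql)]


def demo():
    conn = make_db()
    try:
        list_users_sorted(conn, "id; DROP TABLE users")
        sort_injection_rejected = False
    except ValueError:
        sort_injection_rejected = True
    return {
        "vulnerable": login_vulnerable(conn, "alice", PAYLOAD),  # both users leak
        "safe": login_safe(conn, "alice", PAYLOAD),              # no match
        "legit": login_safe(conn, "alice", "s3cret"),            # normal login
        "sorted": list_users_sorted(conn, "username"),
        "sort_injection_rejected": sort_injection_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the allowlist is that parameterization alone does not cover every injection point: anything that lands in an identifier, an ORDER BY direction, or a LIMIT clause must be validated against a fixed set, which is the gap a WAF or scanner such as sqlmap is typically used to catch after the fact.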
This work is licensed under a Creative Commons Attribution 4.0 International License.