Systematic Literature Review: SQL Injection in Web Applications
Abstract
SQL injection is a security vulnerability that affects web applications. It occurs when a malicious SQL query is inserted through the inputs of a client interface, allowing information to be read and modified. This article details a systematic literature review of primary studies that put forward proposals and solutions for SQL injection. The protocol proposed by Barbara Kitchenham was followed, and a total of 9 studies from various journals and conferences were reviewed. Research on SQL injection is still an open issue, and the review found proposals for both its prevention and its detection. One of them is the Hybrid Modeling Framework, which addresses SQL injection vulnerabilities in the design phase. The solutions presented are many and diverse, and focus on the prevention and detection of SQL injection vulnerabilities.
Copyright Notice
Authors who publish in this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication, with the work simultaneously licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Disclaimer
LAJC in no event shall be liable for any direct, indirect, incidental, punitive, or consequential copyright infringement claims related to articles that have been submitted for evaluation, or published in any issue of this journal.