A Systematic Review and Taxonomy of SQL Injection Defense Techniques

This paper is focused on building a taxonomy of SQL injection defense techniques and classifying current methods according to that taxonomy. A systematic literature review (SLR) is conducted using the five major e-databases; IEEE, ACM, Engineering Village (Inspec/Compendex), ISI web of science and Scopus. 61 defense techniques were found and based on these techniques, a taxonomy of SQL injection defense techniques was built. The taxonomy consists of various dimensions which can be grouped under two higher order terms; detection method and evaluation criteria. The taxonomy provides a basis for comparison of different defense techniques. Organization(s) can use our taxonomy to choose suitable defenses depending on their available resources and environments. Moreover, this classification can lead towards a number of future research directions in the field of SQL injection prevention.

Autorentext

Anup Shakya tem 10 anos de experiência profissional como programador, a maior parte dos quais a trabalhar com aplicações Web, comércio eletrónico e questões de segurança Web numa empresa de TI. Obteve o seu mestrado em Ciências da Computação no Instituto de Tecnologia de Blekinge, na Suécia, em 2011, e a sua licenciatura em Engenharia Informática na Faculdade de Engenharia de Kathmandu, no Nepal, em 2006.