Systematic Literature Review: Preventing SQL Injection Attacks Using Tools OWASP CSR Web Application Firewall
DOI: https://doi.org/10.32493/informatika.v7i1.17590
Keywords: SQL Injection, Prevent, OWASP CSR, Systematic Literature Review, WAF
Abstract
SQL injection attacks are a common threat to web-based applications: they exploit insecure input validation to attack the underlying database. This is a very serious problem for web-based applications because a successful attack causes loss of integrity and confidentiality, which makes it a very sensitive software security issue. This study presents a Systematic Literature Review (SLR), using the PICOC method, on preventing SQL injection attacks using OWASP tools. It provides an overview of SQL injection attacks and of detection and prevention techniques. Finally, the effectiveness of detection and prevention using the OWASP CSR Web Application Firewall was evaluated. It should be noted that the OWASP tools can also detect and prevent SQL injection attacks.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Jurnal Informatika Universitas Pamulang has CC-BY-NC or an equivalent license as the optimal license for the publication, distribution, use, and reuse of scholarly work.
In developing strategy and setting priorities, Jurnal Informatika Universitas Pamulang recognizes that free access is better than priced access, libre access is better than free access, and libre under CC-BY-NC or the equivalent is better than libre under more restrictive open licenses. We should achieve what we can when we can. We should not delay achieving free in order to achieve libre, and we should not stop with free when we can achieve libre.
Jurnal Informatika Universitas Pamulang is licensed under a Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
YOU ARE FREE TO:
- Share : copy and redistribute the material in any medium or format
- Adapt : remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms