SQL Injection Attack Mechanisms and Prevention Techniques

摘要

SQL Injection Attacks have been around for over a decade and yet most web applications being deployed today are vulnerable to it. The bottom line is that the web has made it easy for new developers to develop web applications without concerning themselves with the security flaws, and that SQL Injection is thought to be a simple problem with a very simple remedy. To truly bring security to the masses, we propose a classification that not only enumerates but also categorizes the various attack methodologies, and also the testing frameworks and prevention mechanisms. We intend our classification to help understand the state of the art on both sides of the fields to lay the groundwork for all future work in this area.