Inlämning av Examensarbete / Submission of Thesis

Dhiraj Aryal; Anup Shakya MCS-2011-46, pp. 134. COM/School of Computing, 2011.

The work

Författare / Author: Dhiraj Aryal, Anup Shakya
dhiraj_asp@hotmail.com, anup007np@gmail.com
Titel / Title: A Taxonomy of SQL Injection Defense Techniques
Abstrakt / Abstract:

Context: SQL injection attack (SQLIA) poses a serious defense threat to web applications by allowing attackers to gain unhindered access to the underlying databases containing potentially sensitive information. Many methods and techniques have been proposed by researchers and practitioners to mitigate the SQL injection problem. However, deploying those methods and techniques without a clear understanding can induce a false sense of security. Classifying such techniques would greatly help to dispel this false sense of security.
Objectives: This paper focuses on classifying such techniques by building a taxonomy of SQL injection defense techniques.
Methods: A systematic literature review (SLR) is conducted using five reputed and familiar e-databases: IEEE, ACM, Engineering Village (Inspec/Compendex), ISI Web of Science and Scopus.
Results: 61 defense techniques are found and, based on these techniques, a taxonomy of SQL injection defense techniques is built. Our taxonomy consists of various dimensions which can be grouped under two higher-order terms: detection method and evaluation criteria.
Conclusion: The taxonomy provides a basis for comparison among different defense techniques. Organization(s) can use our taxonomy to choose suitable ones depending on their available resources and environments. Moreover, this classification can lead towards a number of future research directions in the field of SQL injection.

Ämnesord / Subject: Datavetenskap - Computer Science\General
Datavetenskap - Computer Science\Computersystems
Datavetenskap - Computer Science\Software Engineering
Nyckelord / Keywords: SQL injection, Defense technique, Taxonomy, Security, Web application

Publication info

Dokument id / Document id: houn-8lukku
Program / Programme: Datavetenskapligt program / Computer Science
Registreringsdatum / Date of registration: 09/19/2011
Uppsatstyp / Type of thesis: Masterarbete/Master's Thesis (120 credits)

Context

Handledare / Supervisor: Dr. Stefan Axelsson
stefan.axelsson@bth.se
Examinator / Examiner: Professor Lars Lundberg
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: COM/School of Computing

+46 455 38 50 00
Anmärkningar / Comments:

0760880470, 0700183408

Files & Access

Bifogad uppsats fil(er) / Files attached: bth2011shakya.pdf (401 kB, opens in new window)