Overview of SQL Injection Types, Defense Tools and Prevention Techniques
Abstract
SQL injection (SQLI) is the most widely used attack and therefore remains a highly pervasive threat to the security of databases and applications on the internet. The attack exploits weaknesses in an application's input fields to execute unauthorized SQL queries against the application's database. Attackers use these vulnerabilities to steal sensitive information and to bypass authentication systems. This review paper discusses the different types of SQLI, including Union-based, Error-based, Blind, and Time-based SQLI, with a strong emphasis on the unique characteristics of each and the precise techniques used in each. A detailed analysis also covers the tools used to detect and exploit these attacks, such as SQLmap, Havij, and jSQL, as well as defensive technologies such as web application firewalls (WAFs), parameterized queries, and secure coding practices. By comparing each mode of attack with the prevention techniques used against it, the paper offers a holistic review of current defense mechanisms and an assessment of their strengths and weaknesses. It further identifies critical challenges and research gaps in the prevention of SQLI attacks and proposes directions for future work to strengthen web security and reduce the threats that persist.
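The abstract names parameterized queries as one of the core defenses. The following is an added example, not code from the paper, that places a string-built login query beside its parameterized form and runs both against an in-memory SQLite database populated with constructed sample rows; the `users` table, its columns and the two sample accounts are assumptions made for the demonstration.

```python
"""Added example (not from the paper): a string-built query beside its
parameterized form, run against an in-memory SQLite database, to show
why parameterized queries are singled out as a core SQLI defense."""
import sqlite3

# Constructed sample data. Plaintext passwords are used only so the
# comparison below stays visible; a real application stores hashes.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Build the assumed users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The weak form: user input is concatenated into the SQL text, so a
    quote character supplied by the user changes the query's structure
    instead of being treated as data."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The hardened form: placeholders hand the values to the driver
    separately from the query text, so they are only ever compared as
    column values and can never alter the WHERE clause."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username: str, password: str) -> dict:
    """Run the same credentials through both implementations and report
    whether each one would accept them."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    # A valid login is accepted by both implementations.
    print("valid credentials:", compare("alice", "s3cret"))
    # A tautology in the password field turns the WHERE clause into
    # "... OR '1'='1'" in the string-built query; the parameterized
    # query simply compares the text to the stored password and rejects it.
    print("tautology in password:", compare("alice", "' OR '1'='1"))
```

Running the script shows the first case accepted by both functions and the second accepted only by `login_vulnerable`, which is the behaviour a defender should expect to disappear once every query in the application uses placeholders. Parameterization protects the comparison itself; it does not substitute for the input validation and WAF layers the abstract lists alongside it, since identifiers such as table or column names cannot be bound as parameters.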