International Association of Computer Science and Information Technology(IACSIT)
SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application and a service. This is most often found within web pages with dynamic content. This paper provides taxonomy on SQL injection prevention and detection approaches. Furthermore, for each type of vulnerability, the authors provide descriptions of how attacks of that type could take advantage of that vulnerability and perform attack. Thy also present and analysis some of existing detection and prevention techniques against SQL injection attacks. Finally, they compare different type of approaches and techniques and provide a list of their deployment requirements.