SQL INJECTION – PREVENTION AND DEFENSE

SQL injection is one of the most serious security threats to applications that have their own database. In fact, it allows the attacker to gain control of the application database by giving attacker the ability to modify the data. Many researchers have been trying to solve this problem. They have suggested different approaches to detect and prevent this vulnerability, but even these approaches do not fully represent a successful solution. This paper introduces several types of SQL injection attacks, as well as various tools and methods that can provide some prevention and defense against these attacks. Various methods have been proposed to address the problem of SQL injection attacks in the form of extensive reviews of variations of SQL injection attacks. Also, descriptions and examples were offered in order to understand their adverse impact and the consequences better.This paper also provides a brief overview of what some authors suggest when it comes to preventing and defending from SQL injection. Finally, a conclusion is drawn with an objective review and analysis of the overall research. The main contribution of the paper is an overview of the research available so far, limited to relational databases and categorized on: a) prevention of SQL injection and b) defence from SQL injection.