Title: Mitigation of SQL injection vulnerability during development of web applications

Authors: Navdeep Kaur; Parminder Kaur

Addresses: Department of Computer Science, Guru Nanak Dev University, Amritsar-143005, Punjab, India ' Department of Computer Science, Guru Nanak Dev University, Amritsar-143005, Punjab, India

Abstract: SQL injection (SQLI) attack is consistently proliferating across the globe. According to Open Web Application Security Project (OWASP) Top Ten Cheat Sheet-2014, SQLI is at top in the list of online attacks. The cause of spread of SQLI is thought to be unsecure software engineering. The software development process itself appears to look at security as an add-on to be checked and deployed towards the end of the software development lifecycle (SDLC) which leads to vulnerabilities in web applications. This paper is an attempt to integrate security during development of web application. The paper introduces a 'grounds-up' approach for developing SQLI free web application. The process of occurrence of SQLI attack is discussed with the help of suitable example. Various security activities desired to mitigate SQLI during software development lifecycle are discussed.

Keywords: SQL injection; SQLI; software security; software development lifecycle; SDLC; security development lifecycle; SDL; threat modelling; security requirements.

DOI: 10.1504/IJWS.2019.102207

International Journal of Web Science, 2019 Vol.3 No.2, pp.104 - 129

Accepted: 14 Jun 2017
Published online: 11 Sep 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article