Investigation framework of web applications vulnerabilities, attacks and protection techniques in structured query language injection attacks

Web security has become a great challenge in recent years. Structured Query Language Injection Attack (SQLIA) is a prevalent and dominant class of the serious web application attacks. A crafter can easily get illegal access to the underlying database in the web application thereby gaining full control of the system and causing millions of dollars loss for corporations. In this paper, we provide a comprehensive study of web applications and investigate their vulnerabilities, attacks, and protection techniques against SQLIA Attacks. The study includes presenting a taxonomy of the SQLIAs investigation framework, conducts a detailed review of the various previous SQLI attacks protection techniques, as well as a summary and analysis of a critical review (strengths and weaknesses) of the detection and prevention techniques that have been done to address such attacks. Finally, it highlights and focuses on the critical and important directions or protection approaches that require more studies by future researchers. © 2018 Inderscience Enterprises Ltd.