Result: Comprehensive Study of SQL Injection Attacks Mitigation Methods and Future Directions.

Title:
Comprehensive Study of SQL Injection Attacks Mitigation Methods and Future Directions.
Source:
Journal of Cyber Security & Risk Auditing; 2025, Vol. 2025 Issue 4, p347-365, 19p
Database:
Complementary Index

Further information

Structured Query Language Injection Attacks (SQLIAs), as a form of cyber threat, are among the most dangerous, easily penetrating databases and most web-based applications. These are input validation vulnerabilities that can be used to exploit such things as Structured Query Language (SQL) commands that can be used to gain exposure to and access to privileged data, and can be leveraged for compromise of the system as a whole. With this study, we present a comprehensive as well as systematic review of traditional and modern approaches for SQLIA detection, mitigation and prevention. The first line of protection against such advanced threats is conventional defenses such as input validation, parameterized queries, and secure error handling, but they typically fail in the presence of second-order, time-based, or obfuscated SQLIAs. To address these emerging attack vectors, researchers have developed dynamic methods in the form of pattern matching approaches, anomaly detection, cryptographic techniques and artificial intelligence (AI) based security systems. It studies the rise of the use of ML and DL models, especially of Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and ensemble classifiers in achieving high accuracy at detecting sophisticated SQLIAs. Though detection rates are promising, suitable use of an AI-based system faces challenges of computational burden, large required datasets and lack of model explainability. The study also calls for urgent attention to emerging platforms: NoSQL databases and Natural Language Interfaces to Databases (NLIDBs). Finally, this study goes deeper into the implementation and utility of proactive developer training, security development practices, as well as real-time monitoring frameworks including Intrusion Detection Systems (IDS) and honeypots in augmentation of application resilience.
Overall, the study suggests a multi-layered, adaptive defense strategy, consisting of real-time threat detection through AI technology and behaviour assessment based on context, using federated learning over several domains. This state-of-the-art study synthesizes existing methodologies and offers a foundation for future research for cybersecurity professionals and researchers aiming to bolster web apps against SQL injection vulnerabilities. [ABSTRACT FROM AUTHOR]

Copyright of Journal of Cyber Security & Risk Auditing is the property of Smart Technologies Academic Press and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)