Comprehensive Study of SQL Injection Attacks Mitigation Methods and Future Directions
Structured Query Language Injection Attack (SQLIA) as a form of cyber threats are among the most dangerous, easily penetrating the databases, and most web based applications. These are input validation vulnerabilities that can be used to exploit such things as Structured Query Language (SQL) command...
Gespeichert in:
| Veröffentlicht in: | Journal of Cyber Security and Risk Auditing Jg. 2025; H. 4; S. 347 - 365 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
01.12.2025
|
| ISSN: | 3079-5354, 3079-5354 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Structured Query Language Injection Attack (SQLIA) as a form of cyber threats are among the most dangerous, easily penetrating the databases, and most web based applications. These are input validation vulnerabilities that can be used to exploit such things as Structured Query Language (SQL) commands that can be used to gain exposure to and access to privileged data, and can be leveraged for compromise of the system as a whole. With this study, we present a comprehensive as well as systematic review of traditional and modern approaches for SQLIAs detection, their mitigation and prevention. The first line of protection against such advanced threats is conventional defenses such as input validation, parameterized queries, secure error handling, but they typically fail in the presence of second order, time based, or obfuscated SQLIAs. For addressing these emerging attack vectors, researchers have developed dynamic ways in the form of pattern matching approach, anomaly detection, cryptographic techniques and artificial intelligence (AI) based security systems. It studies the rise of the use of ML and DL models, especially of Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNN), and ensemble classifiers in achieving high accuracy at detecting sophisticated SQLIAs. Though detection rates are promising, suitable use of an AI based system faces challenges of computational burden, large required datasets and lack of model explainability. The study also calls for urgent attention to emerging platforms NoSQL databases and Natural Language Interfaces to Databases (NLIDBs). Finally, this study goes deeper into the implementation and utility of proactive developer training, security development practices, as well as real time monitoring frameworks including Intrusion Detection Systems (IDS) and honeypots in augmentation of application resilience. Overall, the study suggest a multi layered, adaptive defense strategy, consisting of the real time threat detection through AI technology, behaviour assessment based on context, using federated learning over several domains. This state of the art study synthesizes existing methodologies and offers foundation for future research in cybersecurity professionals and researchers aiming to booster web apps against SQL injection vulnerabilities. |
|---|---|
| AbstractList | Structured Query Language Injection Attack (SQLIA) as a form of cyber threats are among the most dangerous, easily penetrating the databases, and most web based applications. These are input validation vulnerabilities that can be used to exploit such things as Structured Query Language (SQL) commands that can be used to gain exposure to and access to privileged data, and can be leveraged for compromise of the system as a whole. With this study, we present a comprehensive as well as systematic review of traditional and modern approaches for SQLIAs detection, their mitigation and prevention. The first line of protection against such advanced threats is conventional defenses such as input validation, parameterized queries, secure error handling, but they typically fail in the presence of second order, time based, or obfuscated SQLIAs. For addressing these emerging attack vectors, researchers have developed dynamic ways in the form of pattern matching approach, anomaly detection, cryptographic techniques and artificial intelligence (AI) based security systems. It studies the rise of the use of ML and DL models, especially of Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNN), and ensemble classifiers in achieving high accuracy at detecting sophisticated SQLIAs. Though detection rates are promising, suitable use of an AI based system faces challenges of computational burden, large required datasets and lack of model explainability. The study also calls for urgent attention to emerging platforms NoSQL databases and Natural Language Interfaces to Databases (NLIDBs). Finally, this study goes deeper into the implementation and utility of proactive developer training, security development practices, as well as real time monitoring frameworks including Intrusion Detection Systems (IDS) and honeypots in augmentation of application resilience. Overall, the study suggest a multi layered, adaptive defense strategy, consisting of the real time threat detection through AI technology, behaviour assessment based on context, using federated learning over several domains. This state of the art study synthesizes existing methodologies and offers foundation for future research in cybersecurity professionals and researchers aiming to booster web apps against SQL injection vulnerabilities. |
| Author | Rahman, M M Hafizur Al-olaqi, Mohammed Al-gailani, Ahmed |
| Author_xml | – sequence: 1 givenname: Mohammed surname: Al-olaqi fullname: Al-olaqi, Mohammed – sequence: 2 givenname: Ahmed surname: Al-gailani fullname: Al-gailani, Ahmed – sequence: 3 givenname: M M Hafizur surname: Rahman fullname: Rahman, M M Hafizur |
| BookMark | eNpN0NFOwjAUBuDGYCIi79AX2GzXbju9JChKAjEGuW669kyKspG2M-HtjcCFV-fPyZ__4rsno67vkBDKWV4JDuxxb2MwedphTOaYF6woc5lzfkPGgtUqK0UpR__yHZnG6BtW8VoJATAm23l_OAbcYRf9D9JNGtyJ9i3dvK_ostujTb7v6CwlY78iXfvkP835tca0612kpnN0MaQhIH3y4dKPD-S2Nd8Rp9c7IdvF88f8NVu9vSzns1VmecFTppTAxgITxpXG2dowKFFWVkrTOBDcIgCvASxzRSG4rAujULZgFRgAocSEwGXXhj7GgK0-Bn8w4aQ502chfRbSVyH9J6Sl5lz8AsUSYNk |
| ContentType | Journal Article |
| CorporateAuthor | King Faisal University |
| CorporateAuthor_xml | – name: King Faisal University |
| DBID | AAYXX CITATION |
| DOI | 10.63180/jcsra.thestap.2025.4.11 |
| DatabaseName | CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 3079-5354 |
| EndPage | 365 |
| ExternalDocumentID | 10_63180_jcsra_thestap_2025_4_11 |
| GroupedDBID | AAYXX CITATION M~E |
| ID | FETCH-LOGICAL-c121t-993ebc803ad5adc7a085e46c44abd831ce881788c0d2231472a9e4f8c98a88393 |
| ISSN | 3079-5354 |
| IngestDate | Sat Nov 29 07:30:08 EST 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Issue | 4 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c121t-993ebc803ad5adc7a085e46c44abd831ce881788c0d2231472a9e4f8c98a88393 |
| PageCount | 19 |
| ParticipantIDs | crossref_primary_10_63180_jcsra_thestap_2025_4_11 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-12-01 |
| PublicationDateYYYYMMDD | 2025-12-01 |
| PublicationDate_xml | – month: 12 year: 2025 text: 2025-12-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | Journal of Cyber Security and Risk Auditing |
| PublicationYear | 2025 |
| SSID | ssib061793388 |
| Score | 1.929792 |
| Snippet | Structured Query Language Injection Attack (SQLIA) as a form of cyber threats are among the most dangerous, easily penetrating the databases, and most web... |
| SourceID | crossref |
| SourceType | Index Database |
| StartPage | 347 |
| Title | Comprehensive Study of SQL Injection Attacks Mitigation Methods and Future Directions |
| Volume | 2025 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources customDbUrl: eissn: 3079-5354 dateEnd: 99991231 omitProxy: false ssIdentifier: ssib061793388 issn: 3079-5354 databaseCode: M~E dateStart: 20250101 isFulltext: true titleUrlDefault: https://road.issn.org providerName: ISSN International Centre |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1LbxMxELaiwoELAgHiLR-4VQ7ZtdfrPUZVqx5IBX1Iva28tpekijZlu60KB34VP5AZ25tsC4iHhCKtIq882mS-fDOezIOQNy63YFRFwqTNaiacyFgFhoHlwHyGSwsnEOuHTeQHB-r0tHg_Gn3ra2GulnnTqOvr4vy_qhrWQNlYOvsX6l4LhQV4D0qHK6gdrn-kePyFt24eE9OP-qbRRx_eARmcuTAafNp1WFy_PVuEHhsr_MsGZ0mHls17vtNIz4d9RO9HH3bnc-XaGLPvQienQ8xVn2KtR28UEU5LBkfoTz5zYLaaY7TcDu591ItlmC21PZ0Pbh3qeQzQzuC1r-vFl8t2GKdIs0HOh6czIJOCZTy0jB67n6xFPsbNA-SJAb3y0J0zWmoepkzcNgISaArTJs_MRavHHY4d09iZNM3GYhyZ_Ubf7Vv2cJ2lCOcjL6v0ksooqURJpSixoPxOmmcFJhLOvu72LCaR8rgfeLr-eCGFzAt7-4vHGvhFAwfn-AG5H7VKpwFRD8nINY_IyQ00UY8muqopoImu0UQjmugGTTSiiQIkaEAT3aDpMTnZ2z3e2WdxEgczSZp0DJxYVxk14dpm2ppcg6PuhDRC6MoqnhinVJIrZSYW3M1E5KkunKiVKZRW4ILzJ2SrWTXuKaHC2SqTqpbcVKJ2qa5kPZFgVwRsc3byjCT991Ceh4Yr5e8U8fwf9rwg9zYofUm2uvbSvSJ3zVW3uGhfe41-B-srgrk |
| linkProvider | ISSN International Centre |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Comprehensive+Study+of+SQL+Injection+Attacks+Mitigation+Methods+and+Future+Directions&rft.jtitle=Journal+of+Cyber+Security+and+Risk+Auditing&rft.au=Al-olaqi%2C+Mohammed&rft.au=Al-gailani%2C+Ahmed&rft.au=Rahman%2C+M+M+Hafizur&rft.date=2025-12-01&rft.issn=3079-5354&rft.eissn=3079-5354&rft.volume=2025&rft.issue=4&rft.spage=347&rft.epage=365&rft_id=info:doi/10.63180%2Fjcsra.thestap.2025.4.11&rft.externalDBID=n%2Fa&rft.externalDocID=10_63180_jcsra_thestap_2025_4_11 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=3079-5354&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=3079-5354&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=3079-5354&client=summon |