Universiti Teknologi Malaysia Institutional Repository

Critical issue to consider while developing SQL injection prevention mechanism

Aliero, Muhammad Saidu and Ghani, Imran and Khan, Muhammad Murad and Nkima, L. H. (2015) Critical issue to consider while developing SQL injection prevention mechanism. In: 1st International Conference on Science, Engineering and the Social Science (ICSESS 2015), 11-13 May, 2015, Johor Bahru, Malaysia.

Official URL: http://www.icsess.utm.my/download/ICSESS_2015_Book...

Abstract

SQL injection vulnerability is one of the most common web-based application vulnerabilities that can be exploited by SQL injection attack to gain access to restricted data, bypass authentication mechanisms and execute unauthorized data manipulation language statements. Defensive coding is the simple and affordable way to tackle this problem, by applying secure coding in each and every query used in the application. In this paper we provide a detailed background of SQLI attacks, classify defensive coding into different categories, review existing techniques that are related to each category, and evaluate such techniques based on the number of attacks they were able to stop. We also evaluated each category of approach based on its deployment requirement related to inheritance. Currently, to the best of our knowledge, no papers have classified defensive coding as we do.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: parameter, defensive coding
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 63436
Deposited By: Fazli Masari
Deposited On: 30 May 2017 03:39
Last Modified: 30 May 2017 03:39