Litcius/Paper detail

A Survey on Detection and Prevention of SQL and NoSQL Injection Attack on Server-side Applications

Mehjabeen Shachi, Nurnaby Siddiqui Shourav, Abu Syeed Sajid Ahmed, Afsana Afrin Brishty, Nazmus Sakib

2021International Journal of Computer Applications16 citationsDOIOpen Access PDF

Abstract

Attacks concerning data can be considered as an intense security threat. A couple of major cyberattacks on eminent database-driven web applications are SQL and NoSQL injection. Confidential data might be revealed to the hacker if the database is injected with malicious codes. Due to inadequate user input validation SQL injection brings a serious threat to the database by leaking proprietary information. Relational and non relational databases are very much vulnerable to these threats. NoSQL database shows higher performance than SQL database regarding efficient storage criteria and data retrieval time. It is flexible for handling big data and is considered to be more secure. Despite these facts and its growing popularity NoSQL databases are also vulnerable to injection attacks. Because of using a different query language, NoSQL injection is irrelevant to traditional SQL injection. Still, SQL and NoSQL injections are quite similar in this sense that both of the attacks rely on suspicious input execution on the server. So, it is a critical issue for non-relational databases as well. In this paper, numerous injection attacks are discussed along with detection and the countermeasures against SQL and NoSQL injection.

Topics & Concepts

Computer scienceNoSQLSql serverDatabaseSQLClient-sideComputer securityWorld Wide WebScalabilityWeb Application Security VulnerabilitiesAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection
A Survey on Detection and Prevention of SQL and NoSQL Injection Attack on Server-side Applications | Litcius