A Systematic Literature Review on SQL Injection Attacks

Maryam Mehmood
Asad Ijaz


With the increasing use of web applications, concerns about data integrity and security have increased manifold. The growth in the number of internet clients and sites has made the web security situation progressively more severe. Structured Query Language Injection Attack (SQLIA) is a major threat to web applications. Over time, many studies have explored the causes and techniques of these attacks, as well as ways to detect and prevent them. This study presents a Systematic Literature Review (SLR) based on the methodology proposed by Kitchenham in 2007. The focus of the study is on determining how and why SQLIAs are carried out and how they can be avoided or mitigated. The literature is considered for a time period of four years, 2016 to 2023. Moreover, each technique studied has been evaluated based on the limitations and priorities it proposes. Attack types and their severity have been reviewed, which may help researchers propose new techniques to make web applications more secure against SQLIAs.


Volume 2 (2023)