Enhancing SQL Injection Attack Prevention: A Framework for Detection, Secure Development, and Intelligent Techniques

Abstract

SQL injection attacks (SQLIAs) pose increasing threats as more organizations adopt vulnerable web applications and databases. By manipulating queries, SQLIAs access and destroy confidential data. This paper delivers three contributions around improving SQLIA detection research: first, a literature review assessing current detection/prevention systems to produce an SQL injection detection framework; second, specialized deep learning models optimizing session pattern analysis and feature engineering to enhance performance; third, comparing proposed models against previous defenses to surface promising research directions. Results highlight opportunities like real-time systems generalizing across attack variants through emerging techniques. Additionally, with attack complexity rising, systematized SQLIA investigation is warranted. Despite extensive study, current perspectives lack cohesive guidance informing mitigation strategies. Therefore, a framework is proposed holistically mapping knowledge gaps around contemporary SQLIAs, seminal threats in web applications, and security solutions. Furthermore, a multi-faceted framework examines research trends divided into hardening existing apps, detecting attacks on production systems, and integrating secure development practices. Literature suggests comprehensive resilience requires concurrent strength across these areas. Finally, future work remains in integrated frameworks, deep reinforcement learning adoption, automated AI auditing, and differential privacy to advance real-world SQL injection detection and prevention.