Mitigation of SQL injection vulnerability during development of web applications

Abstract

SQL injection (SQLI) attack is consistently proliferating across the globe. According to Open Web Application Security Project (OWASP) Top Ten Cheat Sheet-2014, SQLI is at top in the list of online attacks. The cause of spread of SQLI is thought to be unsecure software engineering. The software development process itself appears to look at security as an add-on to be checked and deployed towards the end of the software development lifecycle (SDLC) which leads to vulnerabilities in web applications. This paper is an attempt to integrate security during development of web application. The paper introduces a 'grounds-up' approach for developing SQLI free web application. The process of occurrence of SQLI attack is discussed with the help of suitable example. Various security activities desired to mitigate SQLI during software development lifecycle are discussed.