A Systematic Review and Taxonomy of SQL Injection Defense Techniques

This paper is focused on building a taxonomy of SQL injection defense techniques and classifying current methods according to that taxonomy. A systematic literature review (SLR) is conducted using the five major e-databases; IEEE, ACM, Engineering Village (Inspec/Compendex), ISI web of science and Scopus. 61 defense techniques were found and based on these techniques, a taxonomy of SQL injection defense techniques was built. The taxonomy consists of various dimensions which can be grouped under two higher order terms; detection method and evaluation criteria. The taxonomy provides a basis for comparison of different defense techniques. Organization(s) can use our taxonomy to choose suitable defenses depending on their available resources and environments. Moreover, this classification can lead towards a number of future research directions in the field of SQL injection prevention.