{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:49:12Z","timestamp":1750308552674,"version":"3.41.0"},"reference-count":20,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2014,12,9]],"date-time":"2014-12-09T00:00:00Z","timestamp":1418083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2014,12,9]]},"abstract":"<jats:p>Day after day, SQL Injection (SQLI) attack is consistently proliferating across the globe. According to Open Web Application Security Project (OWASP) Top Ten Cheat Sheet-2014, SQLI is at top in the list of online attacks. The cause of spread of SQLI is thought to be Unsecure Software Engineering. The Software Development process itself appears to look at security as an add-on to be checked and deployed towards the end of the software development lifecycle which leads to vulnerabilities in web applications. This paper is an attempt to integrate security in early stages of SDLC i.e. in design phase to mitigate SQLI vulnerability. How SQLI attack happens is illustrated. Threat Modeling is performed to mitigate the SQLI vulnerability.<\/jats:p>","DOI":"10.1145\/2674632.2674638","type":"journal-article","created":{"date-parts":[[2014,12,16]],"date-time":"2014-12-16T13:39:54Z","timestamp":1418737194000},"page":"1-6","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Mitigation of SQL Injection Attacks using Threat Modeling"],"prefix":"10.1145","volume":"39","author":[{"given":"Navdeep","family":"Kaur","sequence":"first","affiliation":[{"name":"Guru Nanak Dev University, Punjab, India"}]},{"given":"Parminder","family":"Kaur","sequence":"additional","affiliation":[{"name":"Guru Nanak Dev University, Punjab, India"}]}],"member":"320","published-online":{"date-parts":[[2014,12,9]]},"reference":[{"volume-title":"Last Visited","year":"2014","key":"e_1_2_1_1_1"},{"volume-title":"Available at: http:\/\/cwe.mitre.org\/top25\/, last visited","year":"2013","author":"Common Weakness Enumeration","key":"e_1_2_1_2_1"},{"edition":"2","volume-title":"Writing Secure Code","author":"Howard M.","key":"e_1_2_1_3_1"},{"volume-title":"Requirements Engineering: Processes and Techniques","year":"1998","author":"Kotonya G.","key":"e_1_2_1_4_1"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.84"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.88"},{"volume-title":"Available at: http:\/\/blogs.msdn.com\/b\/sdl\/archive\/2014\/04\/15\/introducing-microsoft-threat-modeling-tool-2014.aspx, last visited","year":"2014","author":"Microsoft Threat Modeling Tool","key":"e_1_2_1_7_1"},{"volume-title":"Available at: https:\/\/www.owasp.org\/index.php\/Main_Page, last visited","year":"2014","author":"OWASP","key":"e_1_2_1_8_1"},{"volume-title":"Last Visited","year":"2014","author":"Security","key":"e_1_2_1_9_1"},{"volume-title":"Available at : http:\/\/www.sans.org\/reading-room\/whitepapers\/secure code\/security-checklist-webapplication-design-1389, last visited","year":"2014","author":"Security","key":"e_1_2_1_10_1"},{"volume-title":"Available at: http:\/\/www.shields-project.eu\/?q=node\/30, last visited","year":"2014","author":"Sea Monster Tool","key":"e_1_2_1_11_1"},{"volume-title":"Available at: http:\/\/www.shields-project.eu\/?q=node\/14,Last visited","year":"2013","author":"SHIELDS","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"volume-title":"Available at: http:\/\/efytimes.com\/e1\/fullnews.asp?edid=132535, last visited:5","year":"2014","author":"Injection","key":"e_1_2_1_14_1"},{"volume-title":"Improving Web Application Security: Threats and Countermeasures","year":"1842","author":"Threats","key":"e_1_2_1_15_1"},{"volume-title":"Improving Web Application Security: Threats and Countermeasures","year":"1842","author":"Threat Modeling","key":"e_1_2_1_16_1"},{"volume-title":"Last Visited","year":"2014","author":"Threat Modeling","key":"e_1_2_1_17_1"},{"volume-title":"Last Visited","year":"2014","author":"TRIKE","key":"e_1_2_1_18_1"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.55"},{"key":"e_1_2_1_20_1","unstructured":"William J. and Wichers D. 2013. OWASP Top 10-2013: The Ten Most Critical Web Application Security risks. Available at http:\/\/owasptop10.googlecode.com\/files\/OWASP%20Top%2010%20-%202013.pdf  William J. and Wichers D. 2013. OWASP Top 10-2013: The Ten Most Critical Web Application Security risks. Available at http:\/\/owasptop10.googlecode.com\/files\/OWASP%20Top%2010%20-%202013.pdf"}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2674632.2674638","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2674632.2674638","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:03:49Z","timestamp":1750273429000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2674632.2674638"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,12,9]]},"references-count":20,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2014,12,9]]}},"alternative-id":["10.1145\/2674632.2674638"],"URL":"https:\/\/doi.org\/10.1145\/2674632.2674638","relation":{},"ISSN":["0163-5948"],"issn-type":[{"type":"print","value":"0163-5948"}],"subject":[],"published":{"date-parts":[[2014,12,9]]},"assertion":[{"value":"2014-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}