A Strategies for Identifying and Mitigating SQL Injection Vulnerabilities in Android Mobile Applications: A Literature Review

Anthony German Arteaga-Barragán
José Marcelo Balseca-Manzano

Abstract

Mobile applications today must implement countermeasures against threats that compromise the security of users' personal data. Injection vulnerabilities such as SQL injection are a common threat to the security of mobile applications and can allow attackers to read, modify or destroy personal files that matter to users. This underlines the relevance of the present study, which provides identification and mitigation strategies for developers and, through them, security for ordinary app users. The objective of this study is therefore to analyze and compile the literature on strategies for identifying and mitigating SQL injection vulnerabilities in Android mobile applications. The methodology adopted is the Systematic Literature Review (SLR), a process of collecting and analyzing information from primary sources on this specific topic. Within the scope defined by that methodology, the results highlight the risks associated with this vulnerability, as well as the identification and mitigation strategies found in the different approaches gathered through the search and study selection process.

Article Details

How to Cite
Arteaga-Barragán, A., & Balseca-Manzano, J. (2024). A Strategies for Identifying and Mitigating SQL Injection Vulnerabilities in Android Mobile Applications: A Literature Review. 593 Digital Publisher CEIT, 9(3), 71-83. https://doi.org/10.33386/593dp.2024.3.2300
Section
Review articles
Author Biographies

Anthony German Arteaga-Barragán, Pontificia Universidad Católica del Ecuador Sede Ambato - Ecuador

https://orcid.org/0000-0001-5033-1850

Computer Science Engineer from Universidad Tecnológica Indoamérica. My academic and professional career has focused on the field of mobile and web application development. 

José Marcelo Balseca-Manzano, Pontificia Universidad Católica del Ecuador Sede Ambato - Ecuador

https://orcid.org/my-orcid?orcid=0000-0003-1517-0013

Mg. José Marcelo Balseca Manzano. Tenured professor for 10 years at the Pontifical Catholic University of Ecuador; director of the research project "Model and procedure of management and information tools to promote tourism in the province of Tungurahua", planned over 5 years. General Manager of GRUPO MarBal, a company dedicated to offering cloud technology services and web servers. I have held positions as systems administrator, director and coordinator of IT projects in both the public and private sectors.
