Proceedings of the International Conference on Enterprise and Industrial Systems (ICOEINS 2023)

The Effectiveness of Parameterized Queries in Preventing SQL Injection Attacks at Go

Authors
Rizaldi Fatah Sidik1, *, Syifa Nurgaida Yutia2, Rana Zaini Fathiyana3
1Telkom University, Jl. Telekomunikasi, 40257, Bandung, Indonesia
2Telkom University, Jl. Telekomunikasi, 40257, Bandung, Indonesia
3Telkom University, Jl. Telekomunikasi, 40257, Bandung, Indonesia
*Corresponding author. Email: zaldisidik@student.telkomuniversity.ac.id
Corresponding Author
Rizaldi Fatah Sidik
Available Online 30 December 2023.
DOI
10.2991/978-94-6463-340-5_18
Keywords
Go; HTTP; Parameterized Queries; SQL Injection; Web Vulnerability
Abstract

SQL Injection attacks are one of the most common security risks in applications. SQL Injection can lead to leaks of data and sensitive information, and even to the deletion of application data. This research examines the effectiveness of parameterized queries in the Go programming language as a method of preventing SQL Injection attacks. Go provides parameterized queries through placeholders such as question marks (?) or parameter names. Parameterized queries separate input values from the SQL statement, and the database driver executes the two securely as distinct parts. In this study, the use of parameterized queries in Go is evaluated as a means of preventing users of the application from manipulating queries. The research is conducted by testing four HTTP request operations, GET, POST, PUT, and DELETE, both before and after the introduction of parameterized queries. The test results, based on Acunetix Web Vulnerability scanning, show that all tested operations are vulnerable to SQL Injection when parameterized queries are not used, and that SQL Injection attacks are successfully mitigated when parameterized queries are used in Go.
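The following Go program is an added illustration of the separation the abstract describes; it is not code from the paper. It puts the "before" form (the request value spliced into the SQL text) next to the parameterized form (a constant SQL text with a `?` placeholder and the value passed as an argument) for the DELETE operation, one of the four the paper tests. The table and column names, the `Execer` interface, and the `recordingDB` stand-in that records what would reach the database instead of executing it are all assumptions made for the example; a real `*sql.DB` satisfies `Execer`, so the two handlers would run unchanged against a database.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Execer is the subset of *sql.DB that the handlers below need (assumed for this example).
// A real *sql.DB satisfies it, so the handlers work unchanged against a database.
type Execer interface {
	ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error)
}

var _ Execer = (*sql.DB)(nil)

// recordingDB is a constructed stand-in for a driver: it records the query text and
// the bound arguments that would be sent to the database, without executing anything.
type recordingDB struct {
	Query string
	Args  []any
}

type noopResult struct{}

func (noopResult) LastInsertId() (int64, error) { return 0, nil }
func (noopResult) RowsAffected() (int64, error) { return 0, nil }

func (r *recordingDB) ExecContext(_ context.Context, query string, args ...any) (sql.Result, error) {
	r.Query = query
	r.Args = args
	return noopResult{}, nil
}

// deleteUserUnsafe is the "before" form: the id from the request is spliced into
// the SQL text, so the input can change the structure of the statement.
func deleteUserUnsafe(db Execer, w http.ResponseWriter, r *http.Request) {
	id := r.URL.Query().Get("id")
	query := fmt.Sprintf("DELETE FROM users WHERE id = '%s'", id)
	if _, err := db.ExecContext(r.Context(), query); err != nil {
		http.Error(w, "database error", http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// deleteUserSafe is the parameterized form: the SQL text is a constant with a
// ? placeholder, and the id travels to the driver as a separate argument.
func deleteUserSafe(db Execer, w http.ResponseWriter, r *http.Request) {
	id := r.URL.Query().Get("id")
	const query = "DELETE FROM users WHERE id = ?"
	if _, err := db.ExecContext(r.Context(), query, id); err != nil {
		http.Error(w, "database error", http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// Handler is the signature shared by the two handlers above.
type Handler func(Execer, http.ResponseWriter, *http.Request)

// Dispatch sends one DELETE /users?id=<id> request through h against the recording
// stand-in and returns the SQL text and the bound arguments that reached the "database".
func Dispatch(h Handler, id string) (string, []any) {
	db := &recordingDB{}
	req := httptest.NewRequest(http.MethodDelete, "/users?id="+url.QueryEscape(id), nil)
	h(db, httptest.NewRecorder(), req)
	return db.Query, db.Args
}

func main() {
	// Constructed sample input: an id carrying a quote and a tautology, the kind of
	// value a vulnerability scanner submits while probing an endpoint.
	input := "1' OR '1'='1"

	q, args := Dispatch(deleteUserUnsafe, input)
	fmt.Printf("unsafe: query=%q args=%v\n", q, args) // the input became part of the statement

	q, args = Dispatch(deleteUserSafe, input)
	fmt.Printf("safe:   query=%q args=%v\n", q, args) // statement unchanged, input bound as data
}
```

The point to take from the output is that with the parameterized handler the SQL text is identical for every request, whatever the value of `id`; only the bound argument differs, and the driver never interprets it as SQL. The placeholder syntax is driver-specific: `?` is what the MySQL and SQLite drivers accept, while the PostgreSQL drivers use numbered `$1`, `$2` parameters, which is the "parameter names" variant the abstract mentions.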

Copyright
© 2023 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Volume Title
Proceedings of the International Conference on Enterprise and Industrial Systems (ICOEINS 2023)
Series
Advances in Economics, Business and Management Research
Publication Date
30 December 2023
ISBN
978-94-6463-340-5
ISSN
2352-5428

Cite this article

TY  - CONF
AU  - Rizaldi Fatah Sidik
AU  - Syifa Nurgaida Yutia
AU  - Rana Zaini Fathiyana
PY  - 2023
DA  - 2023/12/30
TI  - The Effectiveness of Parameterized Queries in Preventing SQL Injection Attacks at Go
BT  - Proceedings of the International Conference on Enterprise and Industrial Systems (ICOEINS 2023)
PB  - Atlantis Press
SP  - 204
EP  - 216
SN  - 2352-5428
UR  - https://doi.org/10.2991/978-94-6463-340-5_18
DO  - 10.2991/978-94-6463-340-5_18
ID  - Sidik2023
ER  -