Degree Year
2021
Document Type
Thesis - Open Access
Degree Name
Bachelor of Arts
Department
Computer Science
Advisor(s)
Cynthia Taylor
Keywords
StackOverflow, SQL Injection, Security, Text mining, Machine learning
Abstract
This paper explores how frequently SQL/PHP posts on the website Stackoverflow.com contain code susceptible to SQL Injection, a common database vulnerability. Specifically, we analyze whether other users give notice of the vulnerability or provide an answer that is secure. The majority of questions analyzed were vulnerable to SQL Injection and were neither corrected in their answers nor brought to the attention of the original poster. To mitigate this, we present a machine learning bot that analyzes the poster’s code and, if necessary, alerts them to potential injection vulnerabilities.
Repository Citation
Klock, Robert, "Quality of SQL Code Security on StackOverflow and Methods of Prevention" (2021). Honors Papers. 835.
https://digitalcommons.oberlin.edu/honors/835