Identification and Mitigation Tool for Sql Injection Attacks(SQLIA)

Abstract

Structured Query Language Injection Attack (SQLIA) is a very frequent web security vulnerability. The attacker adds a malicious Structured Query Language (SQL) code to the input field of a web form, so that he can gain access to data or make unauthorized changes to data. A successful malicious SQL injection cause serious consequence to the victimized organization such as financial loss, reputation loss, compliance, and regulatory breaches. There have been several research works on detection and prevention of SQL injection attacks. However, still there is an absence of an advanced single tools for both identification and mitigation of SQL injection attacks. We have proposed an approach to identify and mitigate SQL injection attacks using a single tool and it allows software testers to identify the SQL injection vulnerabilities of their web applications during the testing stages. The proposed approach is based on parameterized queries and user input validation. Our results show that the tool provides 100% accurate and efficient results on identification and mitigation of SQL vulnerabilities.