An Efficient Model to Detect and Prevent SQL Injection Attack

Abstract

SQL injection attack (SQLIA) is considered one of most threats used to attack web applications. Therefore, attackers used SQL injection vulnerability to gain ultimate access to databases that belong to applications and expose their sensitive information. Thus, attackers use SQL injections vulnerability to manipulate data also it could be used to take full control of the target machine. Accordingly, several methods were proposed in the literature to address this vulnerability widely because of its importance and high impact on the security of web applications. Thus, we propose a model to detect and prevent SQL injection attacks, which uses runtime validation to detect the occurrence of such attacks, our proposed model is adaptable to any existing system, with no need to modify the client or server and either no need to know web application source code. Furthermore, the modification independence is done by adding additional middleware between client and server. Thus, any check process is done on this middleware, and it is represented as a proxy that can do sanitize the inputs for detecting and preventing SQLIA. Furthermore, our proposed model accuracy reaches 86:6% for detecting and preventing SQLIA.