Analysis of Methods for Detecting Vulnerabilities of Web Resources to SQL Injections

Abstract

This article examines the issue of SQL injection vulnerabilities in web applications and the use of automated scanners to detect these vulnerabilities. It begins with a description of SQL injections and their consequences, as well as manual testing for vulnerabilities. The article goes on to analyze various automated vulnerability scanners, including Acunetix, Burp Suite, Nessus, OpenVAS, SQLMap, OWASP ZAP, and Nikto. Each scanner has its advantages and disadvantages, as well as the level of detail and functionality. The article concludes with conclusions that emphasize the importance of understanding SQL injection risks and using the right tools to detect them. It is emphasized that automated scanners are not a one-size-fits-all solution and must be accompanied by manual verification and analysis. The article points to the need for constant updates of scanners and a combination of automated and manual methods to ensure the highest level of security. It provides readers with a useful overview of the various aspects and aspects of using automated SQL injection vulnerability scanners in web applications.