DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS

Abstract

SQL Injection attacks are still one type of attack that often occurs in web-based applications. The causes and ways to prevent SQL Injection have been widely explained in various sources. Unfortunately, until now, SQL Injection vulnerabilities are still often found in multiple applications. Web-based application frameworks that already have functions to protect against attacks are often not used optimally. This is inseparable from the role of programmers, who often forget the rules for writing program code to prevent SQL Injection attacks. We conducted this research to detect SQL Injection vulnerabilities in source code using a case study of the PHP CodeIgniter framework. We compared this research with static analysis tools like RIPS, Synopsys Coverity, and Sonarqube. The tool we have developed can detect SQL Injection vulnerabilities that cannot be detected by the two tools with an accuracy of 88.8%. The results of our research can provide suggestions for programmers so that they can improve the code they write.