Abstract

Businesses around the world store sensitive data in databases, and that data must be kept out of the wrong hands. Data in a relational database is managed with SQL (Structured Query Language), and SQL injection, in which attacker-controlled input is interpreted as part of a query, is the most common way attackers extract data from these databases. This paper focuses on SQL injection and on static and dynamic code testing as ways to find and prevent it. It presents a comparative analysis of two dynamic SQL injection detection tools, Burp Suite (Community Edition, free to use but not open source) and Vega (open source), run against test cases that handle users' sensitive and private information; a static analyzer that detects SQL injection is then used to test and compare against the dynamic analyzers' results. No published comparison quantifies how many SQL injection flaws these two tools are able to detect, and no detailed paper was found that fully tests them for SQL injection, even though both are widely used. The paper also suggests techniques and methods for securing sensitive data against SQL injection. Preventing SQL injection is imperative in order to keep sensitive data away from attackers who seek to exploit it.

Highlights

  • SQL injection is among the top vulnerabilities attackers exploit in web applications. Injection held the number one position in the OWASP Top Ten list of web application vulnerabilities [15][6] (it was ranked first in the 2013 and 2017 editions), so it is important to understand the types of SQL injection and how to detect and prevent them. This paper briefly explains the types and the prevention methods that developers should use to build a secure web application

  • In 2014, Kinnaird McQuade compared web vulnerability scanners in his paper Open Source Web Vulnerability Scanners: The Cost Effective Choice? He tested the open-source and low-cost scanners IronWASP, OWASP Zed Attack Proxy (ZAP), Arachni and Burp Suite Professional against the high-cost commercial tools Acunetix, IBM AppScan, WebInspect and Netsparker

  • The process was time-consuming: for some websites the static analyzer took hours to work through the site, and manually going through the same sites afterwards with the dynamic analyzers took from days to weeks


Summary

INTRODUCTION

SQL injection is among the top vulnerabilities attackers exploit in web applications. Because injection held the number one position in the OWASP Top Ten list of web application vulnerabilities [15][6], it is important to understand the types of SQL injection and how to detect and prevent them. This paper briefly explains the types and the prevention methods that developers should use to build a secure web application. Making developers aware of this vulnerability helps prevent future websites from being built poorly and insecurely. The paper also describes how to detect SQL injection both statically and dynamically; for the best results, static and dynamic analysis should be used together.

What is SQL?
What is SQL Injection?
Why is it important to prevent SQL Injection?
Blind Injections
Timing Attacks
Tautologies
Union Query
How can SQL Injection be prevented?
Stored Procedures
White List Input Validation
Escaping All User Supplied Input
Least Privilege
Burp Suite
CURRENT LIMITATIONS
METHODOLOGIES
RESULTS
Summary
Testing Difficulties
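The injection types named in the outline above (tautologies, UNION queries, blind and timing attacks) and two of the listed defenses (parameterized queries and whitelist input validation), shown as an added worked example that is not part of the paper and not code from Burp Suite or Vega. The schema, the user and card rows, the payloads and the function names (`login_vulnerable`, `login_safe`, `username_allowed`, `demo`) are all constructed for illustration; it uses only Python's standard-library `sqlite3` and `re` modules, so it runs offline.

```python
"""Worked example of the SQL injection types named in the outline and two
defenses.  Added illustration, not code from the paper: the tables, rows,
payloads and function names are all constructed for this demo."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table, plus a second table whose
    contents a UNION injection can pull out through the login query."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 'correct horse'), (2, 'bob', 'hunter2');
        CREATE TABLE cards (id INTEGER PRIMARY KEY, owner TEXT, number TEXT);
        INSERT INTO cards VALUES (1, 'alice', '4111-1111-1111-1111');
    """)
    return con


def login_vulnerable(con, name: str, password: str) -> list:
    """Vulnerable: user input is spliced into the SQL text, so quotes and
    keywords in the input are parsed as SQL."""
    sql = (f"SELECT name, password FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return con.execute(sql).fetchall()


def login_safe(con, name: str, password: str) -> list:
    """Hardened: ? placeholders send the values separately from the query
    text, so the same payloads are compared as literal strings."""
    sql = "SELECT name, password FROM users WHERE name = ? AND password = ?"
    return con.execute(sql, (name, password)).fetchall()


def username_allowed(name: str) -> bool:
    """Whitelist input validation (defense in depth, not a replacement for
    parameterization): only short alphanumeric/underscore usernames pass."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None


# Constructed payloads for the injection types in the outline.
# Tautology: makes the WHERE clause true for every row.  AND binds tighter
# than OR, so the query reads (name = 'alice' AND password = '') OR TRUE.
TAUTOLOGY = "' OR '1'='1"
# UNION query: appends a second SELECT with the same column count and
# comments out the rest of the original query with "-- ".
UNION = "' UNION SELECT owner, number FROM cards -- "
# Blind injection: the attacker learns one fact per request from whether a
# row comes back.  A timing attack is the same idea, observing a delay the
# injected condition triggers instead of the row count.
BLIND_TRUE = "alice' AND substr(password, 1, 1) = 'c' -- "
BLIND_FALSE = "alice' AND substr(password, 1, 1) = 'x' -- "


def demo() -> dict:
    """Run every payload against both versions of the login query."""
    con = make_db()
    return {
        # vulnerable query: every payload does what the attacker intends
        "tautology_rows": len(login_vulnerable(con, "alice", TAUTOLOGY)),
        "union_leak": login_vulnerable(con, UNION, "x"),
        "blind_true_rows": len(login_vulnerable(con, BLIND_TRUE, "x")),
        "blind_false_rows": len(login_vulnerable(con, BLIND_FALSE, "x")),
        # parameterized query: the same payloads match nothing
        "safe_tautology": login_safe(con, "alice", TAUTOLOGY),
        "safe_union": login_safe(con, UNION, "x"),
        "safe_valid": login_safe(con, "alice", "correct horse"),
        # whitelist rejects the payload before it reaches the database
        "whitelist": (username_allowed("alice"), username_allowed(UNION)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable function returns both users for the tautology, leaks the card number through the UNION, and answers the blind probe with one row or none; the parameterized version returns nothing for every payload and still authenticates the genuine credentials. Least privilege, also listed in the outline, would additionally deny the application account any right to read the cards table, so even a successful UNION would fail.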