SQL injection attacks

Abstract

SQL Injection (SQLi) attacks continue to pose significant threats to modern web applications, compromising data integrity and confidentiality. This research delves into the development and evaluation of methodologies designed to detect and mitigate these malicious attacks. Employing a diverse set of web applications, the study unfolds in a controlled environment, simulating real-world conditions to assess the effectiveness of current defense mechanisms against SQLi. Building upon this baseline, the research introduces a two-pronged defense mechanism: a Static Analysis Tool to pre-emptively identify vulnerabilities in application code and a Runtime Query Sanitizer that employs rule-based patterns and machine learning models to scrutinize and sanitize SQL queries in real-time. Performance evaluation metrics, encompassing detection rate, false positives, response time, and machine learning efficiency, are meticulously documented. Further robustness of these mechanisms is ascertained through real-world simulations involving unsuspecting users and ethical hackers. Initial results indicate promising potential for the introduced methodologies in safeguarding web applications against SQLi attacks. The study's findings serve as a critical step towards fortifying web applications, emphasizing the amalgamation of static analysis and real-time query sanitization as an effective countermeasure against SQLi threats.