Abstract
SQL injection is one of the best-known web application vulnerabilities. It is a type of attack in which the attacker attempts to insert a malicious SQL query into the web application through unsanitized variables. The web application then concatenates the variable with the legitimate query and sends the result to the database for execution. As a result of a successful SQL injection attack, the attacker can read from the database or modify entities in the database (Insert, Delete, Update). Currently, different types of defense systems are available to defeat this vulnerability. However, some of these techniques require stopping the existing web application in order to patch the vulnerability, and since this process can be time consuming, it is not very practical for companies to stop their online services. To address this problem, we propose a model that can patch the SQL injection vulnerability in a general way. The model does not depend on the language in which the web application is written, and the amount of change required in the application is low. The model can be implemented as a library that can be included in the vulnerable web application by calling one line of code.
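The abstract describes the root cause (an unsanitized variable concatenated into the query text) but does not detail the proposed library, so the following is an added example, not the paper's model or code. It shows the concatenation pattern next to the standard parameterized-query defense, using an in-memory SQLite table with constructed sample rows, so that the behavioural difference between the two can be observed directly: the same request that returns every row under concatenation returns nothing once the variable is bound as a parameter.

```python
import sqlite3


def make_db():
    # Constructed sample data; not from the paper.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("carol", "s3")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    # The pattern the abstract warns about: the variable is spliced into the
    # query text, so the database parses its contents as SQL syntax.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # The variable travels as a bound parameter; its contents are treated as
    # data only, whatever characters they contain.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both lookups with a benign value and with the textbook tautology
    input, returning the four result lists so they can be compared."""
    conn = make_db()
    benign = "alice"
    # Canonical illustration input: closes the string literal and appends an
    # always-true condition. Used here only to show the defense holding.
    tautology = "' OR '1'='1"
    return {
        "benign_vulnerable": lookup_vulnerable(conn, benign),
        "benign_parameterized": lookup_parameterized(conn, benign),
        "tautology_vulnerable": lookup_vulnerable(conn, tautology),
        "tautology_parameterized": lookup_parameterized(conn, tautology),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows}")
```

Parameterization is what a language-neutral "one line" fix ultimately has to achieve for every query that reaches the database; the example makes the target behaviour concrete, whatever mechanism a drop-in library uses to get there.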