SQLAS: Tool To Detect And Prevent Attacks In Php Web Applications

Abstract

Web applications become an important part of our daily lives. Many other activities are relay on the functionality and security of these applications. Web application injection attacks, such as SQL injection (SQLIA), Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) are major threats to the security of the Web Applications. Most of the methods are focused on detection and prevention from these web application vulnerabilities at Run Time, which need manual monitoring efforts. Main goal of our work is different in the way it aims to create new systems that are safe against injection attacks to begin with, thus allowing developers the freedom to write and execute code without having to worry about these attacks. In this paper we present SQL Attack Scanner (SQLAS) a Tool which can detect & prevent SQL injection Attack in web applications. We analyzed the performance of our proposed tool SQLAS with various PHP web applications and its results clearly determines the effectiveness of detection and prevention of our proposed tool. SQLAS scans web applications offline, it reduces time and manual effort due to less overhead of runtime monitoring because it only focus on fragments that are vulnerable for attacks. We use XAMPP for client server environment and developed a TESTBED on JAVA for evaluation of our proposed tool SQLAS.