In today's era, every person is utilizing websites and so many different web applications for online administrations, for example booking of railway tickets, movie ticketing, shopping, communication, and so forth. These websites consist sensitive and confidential information. With the linearity of web applications in the last decade, the unconstructive crash of security has also matured either. SQL injection attack is one such attack where the anonymous user can append SQL code to the input query. This research paper starts with developing criteria for a systematic literature review based on research questions, quality assessment, and data samples. The paper presents various SQL injection techniques with their intended attacks. Further studies explore different techniques to prevent attacks. Existing vulnerabilities of Web systems threaten the regular work of information systems. The most common Web system vulnerability is SQL injection. There are known approaches to protect Web applications against SQL injection attacks in the article. To improve the Web software security is developed defense mechanism that protects Web resources from SQL injection performing. To implement this software it is used PHP, JavaScript, and formal language theory known as regular expressions. As a result, it is received a software tool that allows protecting Web software from SQL injection vulnerability. The developed software tool allows users to protect their Web applications from an attack using SQL.