Detection and Analysis of Attacks Against Web Services by the SQL Injection Method

Abstract

SQL injection is a security vulnerability resulting from unauthorized access to the victim database and services by attackers. Harmful codes can be injected into the victim database, all information in the database can be accessed or the database can be deleted completely and rendered unusable by using the SQL injection method. SQL injection attacks are a simple and effective method, used frequently in hacking attacks against Web services. Despite all measures taken, SQL injection attacks continue to increase. The academic studies in this field are usually theoretical, having limited practical aspects. In this study, an SQL injection attack case against a web service was examined in detail. The study aims to evaluate the SQL injection attacks in practice.