Injection Attack Detection Using the Removal of SQL Query Attribute Values

Abstract

The expansion of the Internet has made web applications become a part of everyday life. As a result the number of incidents which exploit web application vulnerabilities are increasing. A large percentage of these incidents are SQL Injection attacks which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks and it resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query removal method which uses Combined Static and Dynamic Analysis and evaluates the efficiency through various experiments.