The Importance of Developing Preventive Techniques for SQL Injection Attacks
Nenad Bedeković, Ladislav Havas, Tomislav Horvat, Dražen Crčić
Journal: TEHNICKI GLASNIK-TECHNICAL JOURNAL (JCR Q3, Engineering, Multidisciplinary; impact factor 0.7)
Published: 2022-09-26
DOI: 10.31803/tg-20211203090618 (https://doi.org/10.31803/tg-20211203090618)
Citation count: 0
Abstract
Many intentionally vulnerable web applications are circulating on the Internet that serve as a legal test ground for practicing SQL injection attacks. For demonstration purposes, the attacks will target an Acunetix test web application created using the PHP programming language and the MySQL relational database. In the practical part, the execution of the attack itself largely depends on the database management system, so the displayed syntax is intended only for the MySQL database management system. An example of an automated attack will be executed using SQLmap in a Kali Linux virtualized environment. Security guidelines for protecting databases are also discussed.