Web applications have become widely pervasive in all types of Internet-based services. Thus, security is one of the major concerns as most web applications suffer from vulnerabilities, making them attractive targets for security attacks. Structured Query Language Injection Attack (SQLIA) on stored procedures poses serious threats in the underlying database of any application. This article presents the methodological issues of developing a web application SQLI protector tool to detect stored procedures of SQLIAs. Our technique uses real-time settings based on positive tainting approach, accurate and efficient taint propagation and syntax-aware evaluation of the query strings at the application level are used to detect illegal queries before they reach the database. Then, the proposed tool is evaluated based on its efficiency and effectiveness in practices. In addition, detection techniques used are also analysed. The developed tool is effective given its capability to detect and stop all SQLIAs in a real-time environment.
نبيل صالح علي | Nabeel Salih Ali | 9769