Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries

Abstract

Due to internet expansion web applications have now become a part of everyday life. As a result a number of incidents which exploit web application vulnerabilities are increasing. A large number of these incidents are SQL Injection attacks which are a serious security threat to databases which contain sensitive information, the leakage of which cause a large amount of loss. SQL Injection Attacks occur when an intruder changes the query structure by inserting any malicious input. There are a number of methods available to detect and prevent SQL Injection Attacks. But these are too complex to use. This paper proposes a very simple, effective and time saving technique to detect SQLIAs which uses combined static and dynamic analysis and also defines an attack other than existing classification of SQLIAs.