Model Based Approach to Prevent SQL Injection Attacks on .NET Applications
Web applications support static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can supply malicious input that results in an incorrect or unauthorized query and performs a harmful action on the database. In this paper, the authors present an approach to prevent SQL Injection Attacks (SQLIA) on .NET applications using static and dynamic analysis of the queries. The paper explains how the dynamic query model is compared with the static query model in order to validate a query before it is sent to the database. The results obtained prove that the tool they designed prevents SQL injection to a greater extent.
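
The comparison summarized above can be illustrated with a small structural check, added here as an example and not taken from the paper or its tool. It assumes a query template that marks each user input with `?`; the names `QueryModel`, `Build` and `Matches` and the `users` table are hypothetical.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class QueryModel
{
    // One alternative per token class; string literals honour the '' escape.
    static readonly Regex Token = new Regex(
        @"(?<lit>'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b|\?)" +
        @"|(?<cmt>--[^\n]*|/\*.*?\*/)" +
        @"|(?<word>[A-Za-z_][A-Za-z0-9_]*)" +
        @"|(?<sym><>|<=|>=|!=|\S)",
        RegexOptions.Singleline);

    // Reduce a query to its structure: every literal (or ? placeholder) becomes LIT.
    public static string[] Build(string sql) =>
        Token.Matches(sql).Cast<Match>().Select(m =>
            m.Groups["lit"].Success ? "LIT" :
            m.Groups["cmt"].Success ? "COMMENT" :
            m.Value.ToUpperInvariant()).ToArray();

    // Static model (from the template) must equal the dynamic model (from the runtime query).
    public static bool Matches(string template, string runtimeQuery) =>
        Build(template).SequenceEqual(Build(runtimeQuery));
}

static class Program
{
    static void Main()
    {
        // Constructed template and inputs, for illustration only.
        const string template = "SELECT id FROM users WHERE name = '?' AND pin = ?";
        var inputs = new[] {
            ("alice", "1234"),
            ("O''Brien", "42"),        // quote already doubled by the application
            ("x' OR '1'='1", "0"),     // adds extra predicates
            ("admin' --", "0"),        // comments out the rest of the query
            ("bob", "0 OR 1=1"),       // unquoted numeric position
        };
        foreach (var (name, pin) in inputs)
        {
            // Built by concatenation on purpose: this is the dynamic query being validated.
            string query = "SELECT id FROM users WHERE name = '" + name + "' AND pin = " + pin;
            Console.WriteLine((QueryModel.Matches(template, query) ? "ALLOW " : "BLOCK ") + query);
        }
    }
}
```

The first two inputs leave the token structure unchanged and are allowed; the last three change it and are blocked before reaching the database. A check like this is a runtime guard for legacy concatenated queries; parameterized commands (`SqlCommand` with `SqlParameter`) remove the concatenation altogether.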