Date Added: Mar 2012
The main aim of this paper was to develop and evaluate securely web-based application for construction material testing using object-oriented technology and parameterized queries for SQL command queries. The SQL queries for the web application of construction material testing were modified by adjusting their codes which included connection strings, authorization bypass and execute commands. Detection of SQL injection vulnerability was conducted by expertise and two automatic web vulnerability scanning tools. It was found that the parameterized queries could minimize the SQL injection flaws of the web application significantly.