An Approach to Detection of SQL Injection Attack Based on Dynamic Query Matching
A large number of web applications, especially those deployed by companies for e-business operations involve high reliability, efficiency and confidentiality. Such applications are often written in script languages like PHP embedded in HTML, allowing establishing connection to databases, retrieving data, and putting them in the Web. One of the most common in web application attacks is SQL Injection. In this an attacker attempts to use malicious crafted input strings so that the dynamic SQL queries generated by the web application is different from the structure designed by the developer. In this paper, an attempt has been made to classify the SQL Injection attacks based on the vulnerabilities in web applications.