Science and Development Network (SciDev.Net)
SQLIA, attacker injects an input in the query in order to change the structure of the query intended by the programmer and therefore, gain access to the data in the underlying database. Due to the significance of the stored data, web application's security against SQLIA is vital. In this paper, the authors propose a new technique based on static analysis and runtime validation for detection and prevention of SQLIAs. In this technique user inputs in SQL queries are removed and some information is gathered in order to make the detection easier and faster at runtime. Their experiments show that their proposed technique is fast, it has a low error rate and its detection rate is nearly 100%.