SQL Injection: Attacking & Prevention Techniques
In this paper, the authors discuss improving the application development process to avoid SQL injection attacks (SQLIAs) at the preliminary level, especially in the source code itself. They cover the possible methods of carrying out an SQLIA, providing pseudocode for better understanding. The prototype solution consolidates the validation into a single custom component, termed Injection Box Control (IBC), that takes care of all the possible preventive measures for controlling SQLIAs at the source code level itself.