A Security Analysis Tool For Web Application Reinforcement Against SQL Injection Attacks (SQLIAs)

In SQLIA, attacker injects an input in the query in order to change the structure of the query intended by the programmer and therefore, gain access to the data in the underlying database. Due to the significance of the stored data, web application's security against SQLIA is vital. In this paper we propose a tool that is capable of reporting the transformations needed to reinforce the security of a Java-based web application and its database against SQLIAs. This tool which is based on static analysis and runtime validation uses our new technique for detection and prevention of SQLIAs. In our technique user inputs in SQL queries are removed and some information is gathered in order to make the detection easier and faster at runtime. According to these information the tool reports the transformations needed and the location of the transformations in source code and therefore after applying the transformations the result would be a reinforced web application against SQLIAs.