SQL injection is a type of attack used to gain, manipulate, or delete information in any data-driven system, whether the system is online or offline and whether it is web-based or non-web-based. It is distinguished by the multiplicity of methods by which it can be performed, so defense techniques could not detect or prevent such attacks. The main objective of this paper is to create a reliable and accurate hybrid technique that secures systems from being exploited by SQL injection attacks. This hybrid technique combines static and runtime analysis of SQL queries to create a defense strategy that can detect and prevent various types of SQL injection attacks. To evaluate the suggested technique, a large set of SQL queries was executed through a simulation developed for that purpose. The results indicate that the suggested technique is reliable and more effective in capturing more SQL injection types compared to other SQL injection detection methods.