Query comparison engine to detect and prevent SQL injection attacks
摘要
SQL Injection attacks (SQLIAs) pose a major threat to web applications getting empowered with unauthorized data access that lead to either steal, modify or delete sensitive data from underlying databases. SQLIAs have become popular due to the reason that they create massive impacts on digital platforms. This paper presents a light weight real time detection and prevention mechanism for SQLIAs using structured query comparison approach. The proposed method compares the SQL queries at compile-time and execution-time for SQLIAs identification. SQLIAs that can be detected by the proposed method include Boolean, tautology, piggybacked queries, illegal queries, union queries, stored procedure etc. The proposed method has been tested on two GITHUB open source datasets and the results show the F1-score of