Understanding SQL Injection Attacks: Best Practices for Web Application Security

Abstract

SQL (Structured Query Language) injection represents a security weakness that enables attackers to run SQL commands within a web applications database. When exploiting a designed application lacking input validation a malicious actor can control input data to execute SQL queries. The objective of detecting SQL injection vulnerabilities is to identify any section of a web application to user input exploitation, for SQL injection attacks and confirm that the application adequately validates user inputs. The aim of this project is to try and form an attack chain and test the same against any website to assess the website for any weak links and identify any entry points that an attacker could use to penetrate the system and take control of the same. From the paper it is figured that most of the tools only check the vulnerability for the given URL and do not crawl through the webpages and find if the vulnerability is present in any of the other pages. In this project, we are taking the additional step to confirm that there are no vulnerabilities mentioned in this research present in any of the webpages.