Foreign-language conference: Malaysian Software Engineering Conference

A component based SQL injection vulnerability detection tool


Abstract

SQL injection attack (SQLIA) is one of the most severe attacks that can be used against database-driven web applications. Attackers use SQLIA to gain unauthorized access and perform unauthorized data modification. To mitigate the devastating problem of SQLIA, different researchers have proposed a variety of web penetration testing tools that automate the assessment of the SQLI vulnerabilities that result in SQLIA. A recent study shows that there is a need to adopt an object-oriented approach in the development of application programs in order to reduce the cost of integration and maintenance, as well as to improve the efficiency of application programs. Most of the SQLIV (SQL injection vulnerability) detection tools proposed by academic researchers seem to focus on improving the efficiency or effectiveness of the detection tool, thereby paying less attention to the advantages of adopting reusable components. Therefore, this paper proposes a component based (CBC) SQLIV detection tool that has the potential to enable developers to reuse components where necessary and to make integration and maintenance fast and less costly. The proposed tool was tested on three different vulnerable web applications, after which its effectiveness was compared against seven (7) different SQLIV detection tools. The result of the evaluation proves that the tool has all the potential to detect SQLIVs in different scenarios that other scanners were unable to detect.
