Many software systems have evolved to include a Web-based component that makes them available to the general public via the Web and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases underlying Web applications and has become increasingly frequent and serious. This paper presents a new, highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient and has minimal deployment requirements. We also present an extensive empirical evaluation of our approach performed using WASP, a tool that implements our technique. In the evaluation, we used WASP to protect a wide range of Web applications while subjecting them to a large and varied set of attacks and legitimate accesses. WASP was able to stop all attacks and did not generate any false positives. Our studies also show that the overhead imposed by WASP was negligible in most cases.
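The two ideas named above can be illustrated in a few dozen lines. Positive tainting marks the strings the application itself supplies (hard-coded query fragments) as trusted and propagates that mark character by character through concatenation; everything else, such as request parameters, is untrusted by default. Syntax-aware evaluation then tokenizes the assembled query immediately before it reaches the database and checks that every SQL keyword and operator consists entirely of trusted characters, while string and numeric literals are allowed to carry untrusted data. The following is an added example written for this page, not WASP's own code (WASP instruments Java bytecode); the `TaintedString` class, the simplified regular-expression tokenizer and the small keyword list are assumptions chosen to keep the example self-contained.

```python
import re

class TaintedString:
    """A string plus a parallel per-character trust mark (positive tainting)."""

    def __init__(self, text, trusted):
        self.text = text
        self.trusted = list(trusted)
        assert len(self.trusted) == len(self.text)

    @classmethod
    def trusted_literal(cls, text):
        # Hard-coded application strings are the only trusted source.
        return cls(text, [True] * len(text))

    @classmethod
    def untrusted(cls, text):
        # Anything arriving from outside (request parameters, headers, ...).
        return cls(text, [False] * len(text))

    def __add__(self, other):
        # Concatenation carries each character's mark along unchanged.
        return TaintedString(self.text + other.text, self.trusted + other.trusted)

# Simplified SQL tokenizer (assumption): whitespace, quoted strings with ''
# escapes, numbers, words (identifiers or keywords) and operators/punctuation.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op>--|/\*|\*/|[();=<>!*,+\-/%])
""", re.VERBOSE)

# Small keyword list for the example; a real deployment would use the
# dialect's full grammar.
SQL_KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "INSERT", "UPDATE",
    "DELETE", "DROP", "INTO", "VALUES", "SET", "LIKE", "NULL", "IS", "IN",
    "EXEC", "EXECUTE", "ORDER", "BY", "LIMIT", "JOIN", "ON", "AS", "HAVING",
    "GROUP", "CREATE", "TABLE", "ALTER",
}

def check_query(query):
    """Syntax-aware evaluation: accept the query only if every keyword and
    operator token is made entirely of trusted characters.
    Returns (accepted, reason)."""
    pos = 0
    while pos < len(query.text):
        m = TOKEN_RE.match(query.text, pos)
        if m is None:
            return False, f"unparseable query at offset {pos}"
        kind, (start, end) = m.lastgroup, m.span()
        token = m.group()
        fully_trusted = all(query.trusted[start:end])
        if kind == "word" and token.upper() in SQL_KEYWORDS and not fully_trusted:
            return False, f"untrusted keyword {token!r} at offset {start}"
        if kind == "op" and not fully_trusted:
            return False, f"untrusted operator {token!r} at offset {start}"
        # Literals (string, number) and plain identifiers may be untrusted.
        pos = end
    return True, "query accepted"

def lookup_by_name(user_input):
    """String-context query built from trusted fragments and one untrusted value."""
    query = (TaintedString.trusted_literal("SELECT * FROM users WHERE name='")
             + TaintedString.untrusted(user_input)
             + TaintedString.trusted_literal("'"))
    return check_query(query)

def lookup_by_id(user_input):
    """Numeric-context query (no quotes around the untrusted value)."""
    query = (TaintedString.trusted_literal("SELECT * FROM items WHERE id=")
             + TaintedString.untrusted(user_input))
    return check_query(query)

if __name__ == "__main__":
    # Constructed sample inputs: two legitimate values, two injection attempts.
    for name in ("alice", "select", "' OR '1'='1", "admin'--"):
        print(f"name={name!r}: {lookup_by_name(name)}")
    for item in ("42", "5 OR 1=1"):
        print(f"id={item!r}: {lookup_by_id(item)}")
```

The value `select` is accepted even though it is an SQL keyword, because it arrives inside a string literal token; the check is on the syntactic role of the untrusted characters, not on their content, which is what lets the approach avoid the false positives of blacklist-style filtering. Both injection attempts are rejected because the untrusted data ends up forming a keyword (`OR`) or an operator (`--`) once the query is tokenized.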