Therefore, any malicious user attempting an SQLIA will not succeed, because the user input inserted into the randomized query will be classified as a set of non-keywords, resulting in an invalid expression.
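The randomization idea described above can be sketched as follows. This is an added example, not code from the paper: it assumes randomization means appending a secret key to each SQL keyword in the developer's query template, and the key, keyword list, table, and function names are all hypothetical.

```python
import re

KEY = "7391"  # constructed sample key; a real deployment keeps it secret
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "UPDATE", "DELETE", "DROP", "LIKE"}
# Match quoted string literals first so their contents are never read as keywords.
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_]\w*")


class InvalidQuery(ValueError):
    """Raised when a query contains a keyword that lacks the key."""


def randomize(template):
    """Build time: append KEY to each keyword of a developer-written template."""
    def repl(m):
        tok = m.group(0)
        return tok + KEY if tok.upper() in KEYWORDS else tok
    return TOKEN.sub(repl, template)


def derandomize(query):
    """Proxy side: restore standard keywords, reject any un-keyed keyword."""
    def repl(m):
        tok = m.group(0)
        if tok.upper() in KEYWORDS:
            raise InvalidQuery("un-randomized keyword: " + tok)
        if tok.endswith(KEY) and tok[:-len(KEY)].upper() in KEYWORDS:
            return tok[:-len(KEY)]
        return tok
    return TOKEN.sub(repl, query)


def build_login_query(user, password):
    """Deliberately unsafe string concatenation, as in a vulnerable application."""
    template = randomize("SELECT * FROM users WHERE name = '{}' AND pass = '{}'")
    return template.format(user, password)


def is_rejected(user, password):
    """True when the proxy refuses the query built from this input."""
    try:
        derandomize(build_login_query(user, password))
        return False
    except InvalidQuery:
        return True
```

This check only rejects input that contributes SQL keywords, so it complements parameterized queries rather than replacing them.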
Attacks targeting web applications include SQL Injection Attacks (SQLIAs), Cross-Site Scripting (CSS), Cross-Site Request Forgery (CSRF), Path Traversal Attacks, etc.
SQLIAs are identified as the major security threats to web applications [1].
Even though the vulnerabilities leading to SQLIAs are well understood, the attack continues to be a problem due to a lack of effective techniques for detecting and preventing them.
In this paper, we introduce a framework called Runtime Monitoring Framework that is used by our technique to handle tautology-based SQLIAs. The framework uses knowledge gained from pre-deployment testing of the web application to develop runtime monitors, which perform post-deployment monitoring of the web application.