See discussions, stats, and author profiles for this publication at: http://www.researchgate.net/publication/278242567 Security Assessment of PHP Web Applications from SQL Injection Attacks ARTICLE · MAY 2015 DOWNLOADS 7 VIEWS 3 3 AUTHORS, INCLUDING: Bulbul Ahmed University of Chittagong 2 PUBLICATIONS 0 CITATIONS SEE PROFILE Abhijit Chakraborty Noakhali Science & Technology University 5 PUBLICATIONS 7 CITATIONS SEE PROFILE Available from: Bulbul Ahmed Retrieved on: 07 July 2015


Security Assessment of PHP Web Applications from SQL Injection Attacks

¹Atiqur Rahman, ²Md. Mahbubul Islam and ³Abhijit Chakraborty

¹Department of Computer Science & Engineering, University of Chittagong, Chittagong, Bangladesh, Email: [email protected]

²Department of Computer Science & Engineering, University of Chittagong, Chittagong, Bangladesh, Email: [email protected]

³Department of Computer Science & Telecommunication Engineering, NSTU, Noakhali, Bangladesh, Email: [email protected]

Abstract

SQL injection attacks are one of the major security threats to web applications. In fact, the Open Web Application Security Project (OWASP), an international organization of web developers, has placed SQLIAs (SQL Injection Attacks) among the top ten attacks a web application can suffer. Although awareness of SQL injection is rising, many common types of vulnerability still exist. One solution is to place powerful network SQL injection Intrusion Detection Systems (IDS), but a subordinate or internal employee of the organization can easily bypass that security. Hence, network intrusion detection systems cannot fully protect databases from these attacks. This paper analyzes the latest techniques in SQL injection attacks and their prevention methods. Using SQLIAs, an attacker may be able to read, modify, or even delete database information. The proposed system can detect attacks that come from the Internet as well as insider attacks, and removes the vulnerability of the web application by implementing SQL injection prevention techniques. To implement these techniques, a PHP-based web application named “My online store” has been developed in which all possible SQL injection attacks can be detected.

Keywords: Database Security, World-Wide Web, PHP Web Application Security, SQL Injection Attacks, Runtime Monitoring.

1. Introduction

In the modern world we depend heavily on computer systems, and SQL injection attacks are becoming a threat to their security [7]. Security teams and vulnerability scanners are two of the approaches used to eliminate the flaws that diminish an application's integrity. However, without a systematic way of evaluating them, it is very difficult to choose the right security tool for the job [7]. The best way to evaluate both security teams and vulnerability scanners is to work with an application whose vulnerabilities are already known, in order to check not only which types of vulnerabilities they find best but also which ones they fail to find at all [7]. While this can be done with an older version of an application that has some known vulnerabilities, finding a version that has just the right vulnerabilities for the evaluation may be very difficult. Therefore, a method is needed that gives the evaluator control over which vulnerabilities are inserted into the test application, to ensure that the evaluations are effective and efficient [9].

Journal of Next Generation Information Technology (JNIT) Volume 6, Number 2, May 2015

This paper proposes a solution to this problem by incorporating an SQL injection tool. This tool is able to inject vulnerabilities into an application that are both attackable and realistic, meaning that it is possible to use the injector to create a test application whose vulnerabilities are chosen by the evaluator. A vulnerability injection tool can also be used to estimate the number of vulnerabilities that are left to correct in an application after it has already been tested [7]. Assume we have an application that has not yet been tested for SQLIAs and thus has an unknown number N of vulnerabilities. If I extra vulnerabilities are injected into the application before it is tested, and after testing i of the previously injected vulnerabilities are found plus n vulnerabilities that were originally in the application, we can estimate N by solving $N/n = I/i$, i.e. $N = nI/i$ [7]. The assumption behind this reasoning is that the inserted vulnerabilities are a good representation of real vulnerabilities [7]. This means that the injections should be based on an average distribution of the vulnerabilities in applications or, even better, on data more specific to the case at hand, if available. An SQL injection tool is thus more powerful than one would think at first, and this research will show what is required for the creation of such a tool. The objective is to make PHP web applications more secure by using different advanced techniques to prevent SQL injections.

The rest of this paper will be organized according to the following structure: section 2 discusses an overview of SQL injection and design decisions, System design will be illustrated in section 3, section 4 elucidates vulnerability detection and security implementation and section 5 concludes this paper.

2. SQL Injection and Design Decisions

2.1. Software: Today’s Biggest Security Risk [9]:

Today's application has become the enterprise's “new perimeter”. With better network-level security technology hardening the network perimeter, malicious attackers are now focusing their efforts on the least defended point: the application [9]. While hackers were once satisfied with defacing web sites, unleashing denial-of-service attacks and trading illicit files through targeted networks, modern attackers are profit driven. Financial and customer data have become valuable commodities, and applications must be secure enough to protect them.

Figure 2.1. i) NIST/Gartner Key Facts ii): CERT – Number of Software Vulnerability Disclosures per Year [9]

Figure 2.1 shows recent industry statistics on software vulnerabilities. Data from CERT reveal that the number of software vulnerabilities has risen dramatically and has eclipsed 7,000 new software vulnerability disclosures in the past year, an all-time high. Meanwhile, Gartner and NIST report that 95% of all reported vulnerabilities are in software, 75% of threats target business information, and 75% of attacks target the application level. Yet, even with these findings, most enterprises allocate less than 10% of their security spending to application security [8].

2.2. SQL Injection:

SQL injection is a technique for maliciously exploiting applications that use client-supplied data in SQL statements. SQL injection attacks occur when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating the user input data of a web-based application; the attacker takes advantage of security flaws in the web application's programming and passes unexpected malicious SQL statements through the web application for execution by the backend database. SQL injection is now one of the most common attacks on the Internet. The SQL query is in time passed on to the database server, where it is executed. “Unsanitized” data, as it is often called, can consist of a number of things. Data containing unescaped illegal characters, such as semicolons or comment characters, can result in unexpected and dangerous queries. Data that is not type-checked is also considered unsanitized because it can lead to improperly formed and often dangerous queries. If a query expects numeric input but instead receives textual input, the faulty input can easily be misinterpreted by the database server as a textual command. This sort of error, resulting from data that has not been properly escaped and type-checked, is a security vulnerability that must be fixed [5].


It is important to note that injection attacks are different from traditional attacks on the web server. In an injection attack there is no attempt to gain access of any kind to the server itself; the goal is to take advantage of vulnerabilities in the web application's use of the database server and of the database itself. Figure 2.2 illustrates the location of such a vulnerability within the architecture of a web application.

Figure 2.2. Location of an SQL injection vulnerability within a web application

This vulnerability can be used to expose sensitive data that could in turn allow things like machine access, but in its most basic form an injection attack targets the database server and database, not the web server.

2.3. SQL injection-The Most Prevalent Type of Application Security Vulnerability

With over 20% of all web vulnerabilities attributed to SQL injection, it is the second most common software vulnerability, and the ability to find and prevent SQL injection should be top of mind for web developers and security personnel. In general, an SQL injection attack exploits a web application that does not properly validate or encode user-supplied input and then uses that input as part of a query or command against a back-end database. For example, a typical form may ask for an ID and create a URL: www.somewebsite.com/id/id.asp?id.somedata. An attacker using SQL injection may enter "some data or 1=1". If the web application does not properly validate or encode the user-supplied data and sends it directly to the database, the reply to the query will expose all ids in the database, since the condition "1=1" is always true. This is a basic example, but it illustrates the importance of sanitizing user-supplied data before using it in a query or command [9].

2.4. Design Decisions

Each decision is divided into two parts, with the first part explaining potential disadvantages that one choice would have when compared to the alternative, and the second part explaining its advantages and trying to help the reader understand why certain design decisions were taken.

2.5. PHP vs. Other Server-Side Programming Language:

PHP is by far the most used server-side language in web applications. In order to make this thesis as useful as possible, choosing a relevant language was a decisive factor. PHP is easy to learn, which was very useful because the author of the thesis did not know any server-side language, so opting for PHP was a plus. PHP is as dynamic as a language can get. While this might make PHP more powerful and interesting to developers, it makes its analysis much harder. One feature with this effect is the possibility of including source files at run-time, which makes it very difficult to know which code will actually run. Additionally, the fact that PHP is weakly typed requires type inference to be performed, and the way it allows aliases to be created dynamically also requires alias analysis.


2.6. Manual Tests and Evaluating the Results

Manual SQL Injection Tests:

One can run some basic tests to evaluate a web application for SQL injection vulnerabilities using nothing more than a web browser. First, a word of caution: the tests described here only look for basic SQL injection flaws. They won't detect advanced techniques and are somewhat tedious to use. If you can afford it, go with an automated scanner; if you can't handle that price tag, manual testing is a good first step. The easiest way to evaluate whether an application is vulnerable is to experiment with innocuous injection tests that won't harm your database if they succeed but will give you evidence that you need to correct a problem. For example, suppose you have a simple web application that looks up an individual in a database and returns contact information. That page might use the following URL format:

http://myfakewebsite.com/directory.asp?lastname=chapple&firstname=mike

We can assume that this page performs a database lookup, using a query similar to the following:

Example query before testing for SQL injection attacks:

SELECT phone FROM directory WHERE lastname = 'chapple' AND firstname = 'mike'

With the assumption above, we can make a simple change to the URL that tests for SQL injection attacks:

http://myfakewebsite.com/directory.asp?lastname=chapple&firstname=mike'+AND+(select+count(*)+from+fake)+%3e0+OR+'1'%3d'1

If the web application hasn't been properly protected against SQL injection, it simply plugs this fake first name into the SQL statement it executes against the database, resulting in:

The SQL query after the injection:

SELECT phone FROM directory WHERE lastname = 'chapple' AND firstname = 'mike' AND (select count(*) from fake) > 0 OR '1'='1'

Note that the syntax above is a little different from that in the original URL: the URL-encoded characters have been converted to their ASCII equivalents to make the example easier to follow. For example, %3d is the URL encoding of the '=' character. Some line breaks were also added for the same purpose.

Evaluating the Results:

The test comes when you try to load the web page with the URL listed above. If the web application is well-behaved, it will strip the single quotes from the input before passing the query to the database. This will simply result in an odd lookup for someone whose first name includes a bunch of SQL, and you'll see an error message from the application similar to the one below:

Error No user found with name mike+AND+(select+count(*)+from+fake)+%3e0+OR+1%3d1 Chapple!

On the other hand, if the application is vulnerable to SQL injection, it will pass the statement directly to the database, resulting in one of two possibilities. First, if your server has detailed error messages enabled (which it shouldn't!), you'll see something like this:

Microsoft OLE DB Provider for ODBC Drivers error '80040e37'
[Microsoft][ODBC SQL Server Driver][SQL Server]Invalid object name 'fake'.
/directory.asp, line 13

On the other hand, if your web server doesn't display detailed error messages, you'll get a more generic error, such as:


The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error. More information about this error may be available in the server error log.

If you receive either of the two errors above, your application is vulnerable to SQL injection! Some steps you can take to protect your applications against SQL injection attacks include:

Implement parameter checking on all applications. For example, if you're asking someone to enter a customer number, make sure the input is numeric before executing the query.

Limit the permissions of the account that executes SQL queries. The rule of least privilege applies. If the account used to execute the query doesn't have permission to execute it, it will not succeed!

Use stored procedures (or similar techniques) to prevent users from directly interacting with SQL code. [15, 16, 7].
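As an added example (not from the paper or its authors), the probe strings that the manual test above sends can also be recognised on the server side after the fact. The following PHP script assumes a combined-format access log and uses constructed log lines (not real traffic); it URL-decodes each request's query string and flags the patterns the test relies on: a quote character, an SQL comment marker, an always-true comparison and an injected subselect. The function and constant names are this example's own:

```php
<?php
declare(strict_types=1);
// Added example, not code from the paper: scan web server access-log lines for
// the request patterns the manual tests produce, so a defender can see such
// probes in the logs. The log lines below are constructed for this demo.

// Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
const SAMPLE_LOG = <<<'LOG'
10.0.0.5 - - [12/May/2015:10:01:02 +0600] "GET /directory.asp?lastname=chapple&firstname=mike HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2015:10:01:07 +0600] "GET /directory.asp?lastname=chapple&firstname=mike'+AND+(select+count(*)+from+fake)+%3e0+OR+'1'%3d'1 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2015:10:01:09 +0600] "GET /storeadmin/admin_login.php?username=admin%27--&password=x HTTP/1.1" 200 220 "-" "curl/7.35"
10.0.0.7 - - [12/May/2015:10:02:11 +0600] "GET /directory.asp?lastname=O%27Brien&firstname=pat HTTP/1.1" 200 498 "-" "Mozilla/5.0"
LOG;

// Signatures taken from the probes discussed in the paper. They are applied to
// the URL-decoded query string, so %27 and %3d are matched as ' and =.
const PROBE_PATTERNS = [
    'quote'     => "/'/",
    'comment'   => '~--|/\*~',
    'tautology' => '/\bor\b\s*["\']?\d+["\']?\s*=\s*["\']?\d+["\']?/i',
    'subselect' => '/\bselect\s+count\s*\(/i',
];

// Parse one combined-format line into the fields the scan needs; null when the
// line does not match the format.
function parseLogLine(string $line): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4], 'status' => (int) $m[5]];
}

// Return the names of the probe signatures found in a request target.
function probeSignatures(string $target): array {
    $pos = strpos($target, '?');
    $query = $pos === false ? '' : urldecode(substr($target, $pos + 1));
    $hits = [];
    foreach (PROBE_PATTERNS as $name => $pattern) {
        if (preg_match($pattern, $query)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// A lone quote (e.g. O'Brien) is a weak signal, so a request is flagged only
// when more than one signature fires or the server answered with a 5xx status.
function scanAccessLog(string $log): array {
    $flagged = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLogLine($line);
        if ($req === null) {
            continue;
        }
        $hits = probeSignatures($req['target']);
        if (count($hits) > 1 || ($hits !== [] && $req['status'] >= 500)) {
            $flagged[] = $req + ['signatures' => $hits];
        }
    }
    return $flagged;
}

foreach (scanAccessLog(SAMPLE_LOG) as $req) {
    printf("%s %s %d %s -> %s\n", $req['time'], $req['ip'], $req['status'],
        $req['target'], implode(',', $req['signatures']));
}
```

Run with `php scan_log.php`: the two requests from 10.0.0.9 are reported (the first with quote, tautology and subselect signatures, the second with quote and comment), while the O'Brien lookup is not, because a single apostrophe with a 200 response is ordinary input. On a real log the thresholds and the signature list are the tuning points; the 5xx condition matters because, as the section above explains, a vulnerable application tends to answer a probe with a database or server error.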

3. System Design

To make a PHP web application more secure, we first need to develop a PHP-based web application [17, 11]. Web applications take inputs from users and then use these inputs to construct SQL queries, so that they can pull information out of the database; they also use SQL queries to store information in the database. These are common practices in the development of web applications. When the SQL queries are not carefully constructed, SQL injection vulnerabilities can occur, and SQL injection attacks are one of the most frequent attacks on web applications [18]. Below is our system interface, named My Online Store, in which we will apply SQL injection tools to find the vulnerabilities in its SQL queries.

Figure 3.1. System Interface of a PHP web Application(my_online_store)

3.1. Design Description of Our Application:

We have designed a PHP-based web application named My Online Store in which to implement the SQL injection scanner and make the application more secure. First we designed a dynamic admin login system where the admin can log in and add a product to the system; the admin has the authority to maintain the customers' order list. Customers can add products to their cart. Snapshots of the admin login system, cart system and add-product system are given below:

Figure 3.2. A Snapshot of Admin Login System(Online Store)


Figure 3.2. shows the admin pages where an admin user can log on to enter into the online store system. Figure 3.3. describes the inventory list of the online store and Figure 3.4. corresponds to the inventory information.

Figure 3.3. A Snapshot of Inventory List System Figure 3.4. A Snapshot of Cart System

A code layout example is given to show the area where SQL injection can attack the code. We will implement SQL injection prevention techniques to detect the vulnerability and finally remove the SQL injection attacks, making the application more secure. A snapshot of the code of inventory_list.php is given below:

Figure 3.5. A snapshot of inventory_list.php Layout.

The task is to identify the injection attacks in the SQL code and then resolve them with the SQL injection scanner, so that injection attacks are avoided in the coding paradigm.

4. Vulnerability Detection and Security Implementation

To determine whether our system is vulnerable to SQL injection, we ran some manual tests on it. After testing, we concluded that the system is vulnerable to SQL injection, and we then applied prevention techniques to make it more secure. A snapshot of the system is given below to illustrate the vulnerability.


Figure 4.1. A snapshot of admin_login.php using a manual SQL injection vulnerability test (my_online_store)

The page of the system uses the following URL format:

http://localhost/my_online_store/storeadmin/admin_login.php?username=%27$manager%27&password=%27$password%27

The figure shows a simple change to the URL that tests for SQL injection attacks:

http://localhost/my_online_store/storeadmin/admin_login.php?username=%27$manager%27&password=%27$password%27+AND+%28select+count%28*%29+from+fake%29+%3E0+OR+%271%27%3d%271

After changing the URL, we observed some generic server error messages.

4.1. SQL Injection Vulnerability in Our System:

Web applications often use data read from a client to construct database queries. If the data is not properly processed prior to SQL query construction, malicious patterns that result in the execution of arbitrary SQL or even system commands can be injected. The attack is possible where user input is used to construct an SQL query without being validated. In our system, a snapshot of possible area of vulnerability is given below:

Figure 4.2. A snapshot of vulnerable area in admin_login.php(my_online_store)


The SQL injection vulnerability in admin_login.php using MySQL is shown below:

$manager = $_POST["username"];
$password = $_POST["password"];
// Vulnerable: the request values are interpolated directly into the SQL string
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
$existCount = mysql_num_rows($sql);
if ($existCount == 1) {
    while ($row = mysql_fetch_array($sql)) {
        $id = $row["id"];
    }
    // ---------------- (session handling elided in the paper)
    exit();
} else {
    echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
    exit();
}

The example above is a typical piece of vulnerable PHP code. The user has to give the right username and password pair to access his private data, which should prevent users from accessing private data that does not belong to them. However, because of the SQL injection vulnerability, this is not what happens. If an attacker enters “admin'--” as the username, then, since -- starts a comment in MySQL, the SQL query stops at the username and never compares the password. With such a simple input the attacker gains access to the private data of the user without knowing the password. In inventory_list.php the query is framed as follows:

SQL injection vulnerability in inventory_list.php using MySQL:

$product_name = $_POST['product_name'];
$price = $_POST['price'];
$category = $_POST['category'];
$subcategory = $_POST['subcategory'];
$details = $_POST['details'];
// Vulnerable: the POST values are interpolated into both queries unescaped
$sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
$sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added)
VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die(mysql_error());

In inventory_edit.php the query is framed as follows:

$sql = mysql_query("UPDATE products SET product_name='$product_name', price='$price', details='$details', category='$category', subcategory='$subcategory' WHERE id='$pid'");

The mysql_query() function does not permit query stacking, i.e. executing multiple queries in a single function call; if you try to stack queries, the call fails. However, other PHP database extensions, such as SQLite and PostgreSQL, happily perform stacked queries, executing all of the queries provided in one string and creating a serious security problem. For this reason MySQL is used as the database extension in our system.

4.2. Implementation of Prevention Techniques

There are several techniques that we implement in our system to prevent SQL injection vulnerabilities.


Input Validation:

Using an input validation technique is one way to avoid SQL injection. It controls which characters are passed to the system, which provides security and prevents the SQL injection vulnerability. Using the validation technique, the vulnerable example above becomes the following.

admin_login.php using the input validation technique to protect against SQL injection:

// Filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
// Query for the person
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");

A snapshot of my system applying validation technique is given below.

Figure 4.3. A snapshot of admin_login.php applying validation technique

Prepared Statements:

Using prepared statements is the best way to avoid SQL injection. A prepared statement is an SQL query that is prepared before the parameters are passed to it. This separates the actual query from the data that is passed to it. Using prepared statements with MySQLi, the vulnerable example above becomes the following.

admin_login.php using the prepared statement technique to protect against SQL injection:

$mysqli = new mysqli('localhost', 'username', 'password', 'mystore');
$stmt = $mysqli->prepare(
    "SELECT id FROM admin WHERE username=? AND password=?");
$stmt->bind_param("ss", $_POST["username"], $_POST["password"]);
$stmt->execute();
$stmt->bind_result($result);
$stmt->fetch();
echo $result;

In this case, the SQL query is first prepared in line 2 and the parameters are only bound to it at line 4, allowing MySQLi to distinguish the query from its parameters. Besides, the first argument of bind_param, "ss", restricts the parameter values to strings, which further adds to the security.
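The following is an added example, not the paper's code, that puts the vulnerable admin lookup of section 4.1 beside a hardened version combining the input-validation and prepared-statement techniques described above. It uses PDO rather than MySQLi so that it runs offline against an in-memory SQLite database (the DSN, the table and its single row are constructed for the demo); with a MySQL DSN the same calls go to MySQL. Function names such as loginVulnerable and loginSecure are this example's own:

```php
<?php
declare(strict_types=1);
// Added example, not the paper's code: the admin lookup written the way the
// paper's vulnerable admin_login.php does it (input spliced into the SQL text)
// beside a hardened version that combines whitelist validation and a prepared
// statement. PDO is used instead of MySQLi so the demo runs against an
// in-memory SQLite database; a DSN such as "mysql:host=localhost;dbname=mystore"
// sends the same code to MySQL.

function connect(string $dsn = 'sqlite::memory:', ?string $user = null, ?string $pass = null): PDO {
    $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
    if (strncmp($dsn, 'mysql:', 6) === 0) {
        // Native server-side prepares: parameter values never enter the SQL text.
        $options[PDO::ATTR_EMULATE_PREPARES] = false;
    }
    return new PDO($dsn, $user, $pass, $options);
}

// Constructed schema mirroring the paper's admin table. The plaintext password
// column is kept only to match the paper's query; it is not a recommendation.
function seed(PDO $pdo): void {
    $pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    $pdo->exec("INSERT INTO admin (id, username, password) VALUES (1, 'admin', 's3cret')");
}

// Vulnerable (the paper's pattern): the request values become part of the SQL.
function loginVulnerable(PDO $pdo, string $user, string $pass): ?int {
    $sql = "SELECT id FROM admin WHERE username='$user' AND password='$pass' LIMIT 1";
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return null; // malformed SQL; a real application would log this
    }
    return $row ? (int) $row['id'] : null;
}

// Hardened: reject usernames outside the whitelist (rather than silently
// stripping characters as the paper's preg_replace does), then let the
// database bind the values as data through a prepared statement. Passwords
// are not whitelisted, since legitimate passwords contain symbols; the
// prepared statement alone keeps them out of the SQL text.
function loginSecure(PDO $pdo, string $user, string $pass): ?int {
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $user)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id FROM admin WHERE username = ? AND password = ? LIMIT 1');
    $stmt->execute([$user, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

$pdo = connect();
seed($pdo);
// Constructed inputs: a valid login, a wrong password, the comment-based
// username from section 4.1, and the always-true comparison from section 2.6
// placed in the password field.
$cases = [
    ['admin', 's3cret'],
    ['admin', 'wrong'],
    ["admin'--", 'anything'],
    ['admin', "' OR '1'='1"],
];
foreach ($cases as [$user, $pass]) {
    printf("%-12s vulnerable: %-5s secure: %s\n", $user,
        var_export(loginVulnerable($pdo, $user, $pass), true),
        var_export(loginSecure($pdo, $user, $pass), true));
}
```

Running it shows the valid login returning id 1 from both functions and the wrong password returning NULL from both. The “admin'--” username returns 1 only from the interpolated query; loginSecure rejects it at the whitelist before any SQL is sent. The fourth case is the one that isolates the prepared statement's contribution: the username passes the whitelist, the interpolated query still returns 1 because the quote closes the password literal, while the bound parameter is compared as a plain string and matches nothing.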


Escaping:

One way to prevent injection is to escape dangerous characters (i.e. backslash, apostrophe and semicolon). In PHP it is typical to escape the input using the function mysql_real_escape_string before sending the SQL query.

inventory_list.php using the escaping technique to protect against SQL injection:

$product_name = mysql_real_escape_string($_POST['product_name']);
$price = mysql_real_escape_string($_POST['price']);
$category = mysql_real_escape_string($_POST['category']);
$subcategory = mysql_real_escape_string($_POST['subcategory']);
$details = mysql_real_escape_string($_POST['details']);

Magic Quotes:

PHP's automatic input escape mechanism, magic_quotes_gpc, provides some rudimentary protection. If enabled, magic_quotes_gpc, or “magic quotes”, adds a backslash in front of single quotes, double quotes and other characters that could be used to break out of a value identifier. But magic quotes are a generic solution that does not cover all of the characters that require escaping, and the feature is not always enabled. Ultimately, it is up to you to implement safeguards against SQL injection [16].

inventory_list.php using the magic quotes technique to protect against SQL injection:

$product_name = $_POST['product_name'];
$price = $_POST['price'];
$category = $_POST['category'];
$subcategory = $_POST['subcategory'];
$details = $_POST['details'];
if (get_magic_quotes_gpc()) {
    // Undo the backslashes magic quotes added, otherwise the input is escaped twice
    $product_name = stripslashes($product_name);
    $price = stripslashes($price);
    $category = stripslashes($category);
    $subcategory = stripslashes($subcategory);
    $details = stripslashes($details);
}
$product_name = mysql_real_escape_string($product_name);
$price = mysql_real_escape_string($price);
$category = mysql_real_escape_string($category);
$subcategory = mysql_real_escape_string($subcategory);
$details = mysql_real_escape_string($details);
$sql = mysql_query("SELECT * FROM product WHERE name='$product_name'");

However, before calling the database's own escaping mechanism, it is important to check the state of magic quotes. If magic quotes is enabled, remove any backslashes (\) it may have added; otherwise the input will be doubly escaped, effectively corrupting it (because it then differs from the input supplied by the user). In addition to securing input, a database-specific escape function prevents data corruption: for example, the escape function provided in the MySQL extension is aware of the connection character set and encodes those (and other) characters to ensure that data is not corrupted by the MySQL storage mechanism, and vice versa.
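As an added example (not the paper's code), the script below demonstrates the double-escaping problem just described without needing a MySQL connection: addslashes() stands in for what magic_quotes_gpc did to request data, and a small local function applies the escape set documented for MySQL's escape function, so the real mysqli_real_escape_string is not called. The helper names, the boolean flag that replaces get_magic_quotes_gpc() (which no longer exists in PHP 8) and the sample product names are this example's own:

```php
<?php
declare(strict_types=1);
// Added example, not the paper's code: why the magic-quotes check has to run
// before the database escape function. Nothing here needs a MySQL connection:
// addslashes() stands in for what magic_quotes_gpc did to request data, and
// mysqlStyleEscape() applies the character set documented for MySQL's escape
// function (\ ' " NUL \n \r \x1a). In production use mysqli_real_escape_string
// (or, better, a prepared statement), because the real function also honours
// the connection character set, which this stand-in does not.

// Escape the characters MySQL's escape function escapes (local stand-in).
function mysqlStyleEscape(string $value): string {
    return strtr($value, [
        '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
    ]);
}

// The value as the script would receive it with magic_quotes_gpc enabled.
function simulateMagicQuotes(string $raw): string {
    return addslashes($raw);
}

// What the MySQL parser stores after reading the escaped string literal:
// each escape sequence is turned back into the character it stands for.
function sqlLiteralDecode(string $escaped): string {
    return strtr($escaped, [
        '\\\\' => '\\', "\\'" => "'", '\\"' => '"',
        '\\0' => "\0", '\\n' => "\n", '\\r' => "\r", '\\Z' => "\x1a",
    ]);
}

// Wrong: escape the request value as-is, so the magic-quotes backslashes are
// escaped a second time and end up inside the stored data.
function escapeWithoutCheck(string $fromRequest): string {
    return mysqlStyleEscape($fromRequest);
}

// The paper's rule: strip the magic-quotes backslashes first, then escape once.
function escapeWithCheck(string $fromRequest, bool $magicQuotesOn): string {
    if ($magicQuotesOn) {
        $fromRequest = stripslashes($fromRequest);
    }
    return mysqlStyleEscape($fromRequest);
}

// Round-trip a raw value through both pipelines and report what the database
// would store; the "with check" result must equal the raw input.
function roundTrip(string $raw): array {
    $fromRequest = simulateMagicQuotes($raw);
    return [
        'raw'           => $raw,
        'without_check' => sqlLiteralDecode(escapeWithoutCheck($fromRequest)),
        'with_check'    => sqlLiteralDecode(escapeWithCheck($fromRequest, true)),
    ];
}

// Constructed inputs (product names a store might legitimately accept).
foreach (["O'Reilly", 'C:\\catalog', 'a "quoted" name'] as $raw) {
    $r = roundTrip($raw);
    printf("%-18s stored without check: %-22s with check: %s\n",
        $r['raw'], $r['without_check'], $r['with_check']);
}
```

The "without check" column keeps a stray backslash for every quote or backslash in the input (O\'Reilly, C:\\catalog), which is the corruption the paragraph above describes, while the "with check" column equals the raw input. On PHP 8 there is no magic_quotes_gpc at all, so the check reduces to never calling stripslashes, but the same corruption reappears whenever some other layer has already escaped a value before it reaches the database code.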


5. Conclusion

This paper gave a brief introduction to the security vulnerability of PHP web applications to SQL injection attacks and how to overcome it. In future work we will try to make PHP web applications more secure by working on the other top nine attacks and implementing different advanced techniques to prevent them. The SQL Injection Scanner is a powerful, flexible and affordable tool that detects vulnerability injection in a large number of PHP web applications. The paper described an SQL Injection Scanner tool that can insert realistic and attackable vulnerabilities. In fact, since PHP is such a challenging language, this gives us some confidence that it should be possible to inject vulnerabilities in other languages too. This paper thus concludes that, despite being a relatively new research area, the SQL injection Scanner is a tool to improve the security of PHP applications.

6. References

[1] Francisco Jose Marques Vieira, “Realistic Vulnerability Injection in PHP Web Applications”, Lisboa, 2011.

[2] P. Biggar and D. Gregg, “Static Analysis of Dynamic Scripting Languages”, 2009.

[3] Usage of server-side programming languages for websites, available at http://w3techs.com/technologies/overview/programming_language/all, 2011.

[4] Gehani, Narain, “The Database Book: Principles & Practice using MySQL”, 2007, pp. 91-133, 279-290.

[5] Maor, O. & Shulman, “A Blind SQL Injection: Imperva ADC”, 2008, available at http://www.imperva.com/resources/adc/blind_sql_server_injection.html

[6] How to upload the shell directly through SQL injection, available at http://exploiterz.blogspot.com/2013/07/how-to-upload-shell-through-sql.html

[7] Testing for SQL Injection Vulnerabilities, available at http://databases.about.com/od/security/a/sql_inject_test.htm

[8] Automating Code Reviews (white paper), available at http:/www.vercode.com/resources/whitepapers

[9] Prevent SQL Injection Tutorial, Cheat Sheet to Avoid Attacks - PHP Example, Veracode, available at http://www.veracode.com/security/sql-injection

[10] Guide to PHP security, available at ftp.pl.freebsd.org/vol/rzm1/mysql/tech-resources/articles/guide-to-php-security-ch3.pdf

[11] PHP: Hypertext Preprocessor, available at www.php.net

[12] PHP Web commerce, available at http://www.phpwebcommerce.com

[13] The world's largest Web development site, available at www.w3schools.com

[14] SQL Injection, available at http://en.wikipedia.org/wiki/SQL_injection

[15] Halfond, William G. J., and Alessandro Orso. “AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks.” In Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering, pp. 174-183. ACM, 2005.

[16] Buehrer, Gregory, Bruce W. Weide, and Paolo A. G. Sivilotti. “Using Parse Tree Validation to Prevent SQL Injection Attacks.” In Proceedings of the 5th International Workshop on Software Engineering and Middleware, pp. 106-113. ACM, 2005.

[17] Appelt, Dennis, Nadia Alshahwan, and Lionel Briand. “Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing.” In Future Internet Testing, pp. 32-47. Springer International Publishing, 2014.

[18] Win, Witty, and Hnin Htun. “A Simple and Efficient Framework for Detection of SQL Injection Attack.” IJCCER 1, no. 2, pp. 26-30, 2013.
