Development of Dynamic Analysis Algorithms for SQL Injection

Abstract

Software security is a fundamental requirement for any system especially that deal with sensitive data. The Hackers use many techniques to penetrate the security, focusing on web pages. The most famous vulnerability is the SQL Injection that enable the attackers to access a sensitive system data and deal with the system as they are the system administrator. In this thesis we introduce an algorithm that helps to detect SQL Injection vulnerability at run time. The function of the proposed algorithm is depending on the extraction of the suspected variables Get and Post. The proposed algorithm is implemented using Microsoft visual Basic studio VB.net. The proposed algorithm is tested using global and local web sites online.