Journal of Engineering and Applied Sciences

Year: 2018
Volume: 13
Issue: 17
Page No. 7162 - 7170

Evolutionary Search Method for Removal of SQL Injection Vulnerabilities

Authors: K. Umar, A.B. Sultan, H. Zulzalil, N. Admodisastro and M.T. Abdullah

Abstract: Existing literature focuses more on describing SQL Injection Attacks (SQLIAs) and less on describing SQL Injection Vulnerabilities (SQLIVs), even though the former are carried out to exploit the latter. This study describes the root causes of SQLIVs and illustrates how SQLIVs can be exploited using different types of SQLIAs. The study also proposes a new method for automated detection and removal of SQLIVs. The new method employs grammar reachability analysis to define an enhanced static source code analysis for detecting SQLIVs and employs an Evolutionary Programming (EP) search strategy to automate source code modification for removing SQLIVs. Preliminary experimental results show that the new method is feasible and promising.

How to cite this article:

K. Umar, A.B. Sultan, H. Zulzalil, N. Admodisastro and M.T. Abdullah, 2018. Evolutionary Search Method for Removal of SQL Injection Vulnerabilities. Journal of Engineering and Applied Sciences, 13: 7162-7170.
