Web applications use static and dynamic queries to access the database. Dynamic queries take input from the user and use that input to form the query. A user can supply malicious input to the application, which results in an incorrect or unauthorized query that performs a harmful action on the database. In this paper, we present an approach to prevent SQL injection attacks (SQLIA) on .NET applications using static and dynamic analysis of the queries. The paper explains how the dynamic query model is compared with the static query model in order to validate the query before sending it to the database. The results obtained prove that the tool we designed prevents SQL injection to a great extent.
Jain, Shikhar and Pais, Alwyn R.
"Model Based Approach to Prevent SQL Injection Attacks on .NET Applications,"
International Journal of Computer Science and Informatics: Vol. 1, Article 13.
Available at: https://www.interscience.in/ijcsi/vol1/iss2/13
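The comparison of a static query model with a dynamic query model that the abstract describes, as a minimal sketch added here; it is not the paper's tool or code. The lexer, the `{field}` template syntax, the function names and the sample inputs are assumptions, and it is written in Python rather than .NET.

```python
import re

# Small SQL lexer; its token classes are an assumption of this sketch.
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')             # string literal, '' = escaped quote
  | (?P<num>\b\d+(?:\.\d+)?\b)          # numeric literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)     # line or block comment
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)    # keyword or identifier
  | (?P<op><>|<=|>=|!=|[=<>(),;*.+\-/]) # operators and punctuation
  | (?P<ws>\s+)
  | (?P<bad>.)                          # anything else, e.g. a stray quote
""", re.VERBOSE | re.DOTALL)

def model(sql):
    """Reduce a query to its structure: every literal becomes '?'."""
    out = []
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind in ("str", "num"):
            out.append("?")
        elif kind == "comment":
            out.append("<comment>")
        else:
            out.append(text.upper())
    return out

def static_model(template):
    """Model derived once from the template; {field} marks user input."""
    return model(re.sub(r"'?\{\w+\}'?", "0", template))

def check(template, **fields):
    """Build the runtime query and compare its model to the static one."""
    query = template.format(**fields)  # string-built, as the app would
    return model(query) == static_model(template), query

# Constructed template and inputs, for illustration only.
TEMPLATE = "SELECT id FROM users WHERE name = '{name}' AND pin = {pin}"
SAMPLES = [
    {"name": "alice", "pin": "1234"},
    {"name": "x' OR '1'='1", "pin": "1234"},
    {"name": "admin' --", "pin": "0"},
    {"name": "alice", "pin": "1 OR 1=1"},
]

if __name__ == "__main__":
    for fields in SAMPLES:
        ok, query = check(TEMPLATE, **fields)
        print("ALLOW" if ok else "BLOCK", query)
```

A query is forwarded only when user input stays inside the literal positions of the template; any input that adds tokens, comments or an unbalanced quote changes the model and is blocked.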