Automatic Protection of Web Applications Against SQL Injections: An Approach Based On Acunetix, Burp Suite and SQLMAP


Research field: Databases



Conference: 2023 9th International Conference on Optimization and Applications (ICOA)


Abstract

Web application security is a critical concern in the digital world. One of the most common and dangerous vulnerabilities in web applications is SQL injection. SQL injection is an attack technique that allows a hacker to exploit security weaknesses in web applications that use SQL queries to interact with the database. This article presents a practical, step-by-step approach to detecting and exploiting the SQL injection vulnerability. The solution combined the use of Acunetix Web Vulnerability Scanner for detection, Burp Suite for capturing HTTP requests containing parameters vulnerable to SQL injection, and SQLMAP as an automatic SQL injection operating tool. The test was performed in a practical way using the real Damn Vulnerability Application and simulating SQL injection attack scenarios on each available security level: low, medium, and high. The results obtained showed very high performance of the solution at the different security levels, although the security mechanisms have been strengthened at these levels.


Rihab Bouafia
Engineering Sciences Laboratory, National School of Applied Sciences, Ibn Tofail University, Kenitra, Morocco

Houssam Benbrahim
Engineering Sciences Laboratory, National School of Applied Sciences, Ibn Tofail University, Kenitra, Morocco

Aouatif Amine
Engineering Sciences Laboratory, National School of Applied Sciences, Ibn Tofail University, Kenitra, Morocco

Paper information

Publication year: 2023
Citations: 3
Country of publication: Morocco
Site: IEEE