A new algorithm for detecting SQL injection attack in Web application

Abstract: Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of applications is constantly increasing especially SQL injection attack. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. Web vulnerability scanner WASAPY is one of the audit tool, it uses an algorithm which bases on a classification techniques of pages obtained by sending HTTP requests especially formatted. We propose in this paper a new algorithm which was built in a vision to improve rather to supplement the logic followed in modeling WASAPY tool. The tool was supplemented by a new class reflecting the legitimate appearance or referential, therefore, the detection mechanism was solidly built on a statistic in a fairly clear mathematical framework described by a simple geometric representation or interpretation.

Ouarda Lounis, Salah Eddine Bouhouita Guermeche, Lalia Saoudi and Salah Eddine Benaicha, “A new algorithm for detecting SQL injection attack in Web application” International Journal of Advanced Computer Science and Applications(IJACSA), Special Issue on Extended Papers from Science and Information Conference 2014, 2014. http://dx.doi.org/10.14569/SpecialIssue.2014.040306

@article{Lounis2014,
title = {A new algorithm for detecting SQL injection attack in Web application},
journal = {International Journal of Advanced Computer Science and Applications(IJACSA), Special Issue on Extended Papers from Science and Information Conference 2014}
doi = {10.14569/SpecialIssue.2014.040306},
url = {http://dx.doi.org/10.14569/SpecialIssue.2014.040306},
year = {2014},
publisher = {The Science and Information Organization},
volume = {4},
number = {3},
author = {Ouarda Lounis and Salah Eddine Bouhouita Guermeche and Lalia Saoudi and Salah Eddine Benaicha},
}