Title of article:
A Parse Tree Model for Analyzing and Detecting SQL Injection Vulnerabilities
Author/Authors:
Ogheneovo, E. E. (University of Port Harcourt, Nigeria); Asagba, P. O. (University of Port Harcourt, Nigeria)
Abstract:
The recent increase in the growth and use of the Internet for a wide range of Web-based applications such as e-commerce, e-banking, etc., has brought about the increased popularity of Web-based applications. This upsurge has made the Internet a potential target for different forms of attacks. The increasing frequency and complexity of Web-based application attacks have raised the awareness of Web application administrators of the need to effectively protect their Web applications from being attacked by malicious users. SQL injection attack, a class of command injection attacks in which specially crafted input strings result in illegal queries to a database, has become one of the most serious threats to Web applications today. An SQL injection attack targets interactive Web applications that employ database services. In this paper, we developed a model based on the grammatical structure of an SQL statement, using a parse tree to test a query by dynamically generating a parse tree and comparing their structures at runtime. We were able to determine whether or not their structures match. If they match, the query is parsed, signifying that it is legitimate; otherwise it is suspicious and possibly malicious. Our result shows that the parser detected and prevented malicious SQL queries, although there were a couple of false positives and false negatives, representing 0.01% of legitimate attacks. This result is good enough because achieving 100% security precision may be too difficult. However, we hope to improve on this result in our future research.
Keywords:
SQL injection attacks, parse tree, web applications, attacker
Journal title:
Astroparticle Physics