DocumentCode
3257373
Title
Runtime Monitors to Detect and Prevent Union Query Based SQL Injection Attacks
Author
Dharam, Ramya ; Shiva, Sajjan G.
Author_Institution
Dept. of Comput. Sci., Univ. of Memphis, Memphis, TN, USA
fYear
2013
fDate
15-17 April 2013
Firstpage
357
Lastpage
362
Abstract
Web applications are increasingly used in recent years to provide online services such as banking, shopping, social networking, etc. These applications operate with sensitive user information and hence there is a high need for assuring their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodologies do not assure complete analysis, execution and testing of all possible behaviors of the software. This causes the software to sometimes behave differently than what it was designed for during its post-deployment. Such a deviation in the system's behavior, also termed as "Software Anomaly," is mostly due to external attacks such as Path Traversal Attacks, SQL Injection Attacks, etc., that in turn affect confidential user information stored in the application. In this paper, we present and evaluate a framework called Runtime Monitoring Framework to handle union query based SQL Injection Attacks.
Keywords
Internet; SQL; data flow analysis; query processing; security of data; system monitoring; Web applications; runtime monitors; software anomaly; union query based SQL injection attack detection; union query based SQL injection attack prevention; Databases; Law; Monitoring; Runtime; Software; Testing; Basis-path Testing; Data-flow Testing; Runtime Monitors; SQL Injection Attacks; Union Queries;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: New Generations (ITNG), 2013 Tenth International Conference on
Conference_Location
Las Vegas, NV
Print_ISBN
978-0-7695-4967-5
Type
conf
DOI
10.1109/ITNG.2013.57
Filename
6614334