Evaluation of SQL injection testing tools and techniques

My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to put on my blog, and decided to see if I could find my thesis online. I found it available as a hard copy in the UWS library here

SQL injection

The abstract is as follows:

SQL injection vulnerabilities remain one of the top ten most critical web-application security risks. SQL injection itself is a well understood subject. There are many methods to counteract SQL injection vulnerabilities, yet vulnerabilities still prevail today. This paper evaluates a selection of SQL injection detection tools and open-source web-applications. This paper presents an improvement to a popular open-source tool using techniques identified in the literature to enumerate SQL injection vulnerabilities in URL input parameters. This paper presents results from an experiment comparing the modified and unmodified tool. The design and implementation of an automation tool used to carry out the experiments is also presented. The automation allows for SQL injection detection using multiple tools against multiple open-source platforms.

Unfortunately there isn’t a soft-copy available :( [though I have one here, I can’t publish it on my blog – I may see about getting permission from the uni for this]
