SQL injection detection and exploitation framework for penetration testing

Kazmi, Muhammad Ali Naqi (2019) SQL injection detection and exploitation framework for penetration testing. Doctoral thesis, London Metropolitan University.


SQL injection is one of the complex and threatening attack used against SQL database servers and web applications. Attackers use SQL injection to get unauthorized access and perform unauthorized data modification. To mitigate the devastating problem of SQL injection attack, there are many existing tools and methods for detection and prevention. Due to the rapid SQL injection growth in recent years, the SQL injection security approaches have been experiencing a paradigm shift from the strenuous manual analysis, signature-based approach to a data-driven, machine learning-based dynamic approach.

This research has provided a comprehensive analysis of SQL injection and literature review of the existing SQL injection security methods. The thesis presents a novel semi-automated SQL injection detection and exploitation (IDE) solution using constructive method by combining machine learning and advance Python computation.

Kazmi-Muhammad_Final-Thesis.pdf - Published Version

Download (6MB) | Preview


Downloads per month over past year

Downloads each year

View Item View Item