A detection technique against malicious SQL attacks on web applications

Abstract

Most web applications remain vulnerable to SQL injection (SQLi) attacks, where malicious inputs by unauthorized users lead to deletion, modification, or unauthorized retrieval of confidential data from remote databases. These incidents often cause severe financial losses and operational disruptions for commercial vendors and financial institutions. Therefore, this study aimed to develop an enhanced detection and prevention technique against SQLi attacks to strengthen database security in web applications. The research identified recent SQLi attack patterns associated with user input in dynamic web applications and developed a detection method named DetectCombined, implemented using JavaScript and PHP scripts. The DetectCombined prototype integrated three sequential stages: filtration, validation, and history to filter, encrypt, and log previous SQLi attempts, thereby improving system adaptability and reducing false negatives. Experimental testing on an online portal simulation demonstrated that the DetectCombined technique achieved a high degree of detection accuracy, effectively blocking malicious SQL queries and reducing unauthorized access attempts compared to standard PHP input validation. The results confirmed that proactive filtering and encrypted validation through DetectCombined technique at the input stage can significantly enhance the security of web applications against SQL injection threats. The study recommends that web developers and security engineers adopt adaptive, effective detection mechanisms like DetectCombined to enhance real-time protection and ensure sustainable database security in modern web applications. The importance of this study lies in its contribution to strengthening cybersecurity frameworks for web-based systems by providing a proactive and adaptive solution to one of the most persistent vulnerabilities in modern computing environments. However, the study acknowledges certain limitations, including increased computational overhead due to encryption processes and resource consumption associated with maintaining a large history table in high-traffic applications. Despite these constraints, the technique proved to be a reliable and scalable approach to mitigating SQLi attacks. Future research should focus on integrating artificial intelligence and machine learning to automate the detection of evolving SQLi patterns and further optimize system performance, thereby extending the body of knowledge in web application security.