SQL Injection Attack (SQLIA) is one of the most severe attacks that can be used against database-driven web applications. Attackers use SQLIA to gain unauthorized access and perform unauthorized data modification as a result of improper input validation by the web application developer. Various studies have shown that, on average, 64% of web applications worldwide are vulnerable to SQLIA. To mitigate the devastating problem of SQLIA, this research proposes an automatic dynamic SQL injection vulnerability scanner (SQLIVS) that automates the assessment of the SQL injection vulnerabilities that result in SQLIA.
Recent research shows that there is a need to improve the effectiveness of existing SQLIVS in order to reduce the cost of manual inspection of vulnerabilities and the risk of being attacked as a result of false negative and false positive results reported by the SQLIV scanner. The research focuses on improving the effectiveness of SQLIVS by proposing an object-oriented approach to the development of SQLIVS, in order to help control false positive and false negative results and to leave room for potential researchers to improve the proposed scanner.