Title: A Framework for SQL Injection Investigations: Detection, Investigation, and Forensics
Authors: Kao, Da-Yu
Lai, Chung-Jui
Su, Ching-Wei
Institute of Management of Technology
Keywords: SQL Injection; Cybercrime Investigation; Digital Forensics
Issue Date: 1-Jan-2018
Abstract: Web applications provide information for various private organizations and public sectors. The flaws in web-based applications and databases can also be utilized for malicious SQL statements. Aggressors often exploit SQL injection (SQLi) flaws during the input validation of web applications to infect database servers and launch cyber-attacks. SQLi attacks derive from the execution of untrusted input and make the program execute unintended code with administrative privileges. Website administrators should mitigate SQLi vulnerabilities, and LEAs should find a better way to collect relevant evidence. This paper proposes a framework, the SQLi Investigation Architecture (SIA), and proves its feasibility in fighting against SQLi attacks. An effective and efficient approach is also proposed to prosecute SQLi aggressors and keep them away from abusing the database.
URI: http://dx.doi.org/10.1109/SMC.2018.00483
http://hdl.handle.net/11536/151110
ISSN: 1062-922X
DOI: 10.1109/SMC.2018.00483
Journal: 2018 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN, AND CYBERNETICS (SMC)
Start page: 2838
End page: 2843
Appears in Collections: Conferences Paper