Classification of SQL Injection Attacks Using Fuzzy Tainting

Abstract

The interactive websites/applications involving database services need to assure the confidentiality, integrity and availability of data. They face a dire threat in the name of SQL Injection. A SQL injection attack is an act of manipulating the input data at the client end in order to perform an illegal operation on the database of targeted online system. They enable the attackers to obtain unrestricted access to potentially sensitive information. This may jeopardize the security of Web sites/applications, which may consequently lead to loss of users/customers trust. This report presents a SQL injection (SQLI) threat level indicator based on fuzzy logic for handling SQL injection attacks. The fuzzy tainting approach helped ruling out the possibilities of false positives.