Abstract

Websites are a popular tool in our modern world, used daily by many companies and individuals. However, they are also rife with vulnerabilities, including SQL injection (SQLI) vulnerabilities. SQLI attacks can lead to significant damage to the data stored within web applications and their databases. Due to the dangers posed by these attacks, many countermeasures have been researched and implemented to protect websites against this threat. Various tools have been developed to enhance the process of detecting SQLI vulnerabilities and active SQLI attacks. Many of these tools have integrated machine learning technologies, aiming to improve their efficiency and effectiveness. Penetration testing is another valid method of detecting and fixing SQLI vulnerabilities, and there are tools designed to automate this process. Some of these automated exploitation tools have also incorporated machine learning techniques. This research aims to identify design requirements of a SQLI exploitation tool that utilizes Natural Language Generation for attack data. This research also aims to compare this new SQLI exploitation to existing tools. This research integrates various components from existing research projects to develop and evaluate the effectiveness of the proposed SQLI exploitation tool. This research establishes a framework for a SQL injection exploitation tool. Additionally, the study successfully tests multiple components of this new tool and compares the accuracy and speed of the new tool to already existing tools.

Degree

College and Department

Ira A. Fulton College of Engineering; Electrical and Computer Engineering

Rights

https://lib.byu.edu/about/copyright/