TJES: Ablahd AZ, Dawwod SA. Using Flask for SQLIA Detection and Protection. Tikrit Journal of Engineering Sciences 2020; 27(2): 1-14.

APA: Ablahd, A. Z., Dawwod, S. A. (2020). Using Flask for SQLIA Detection and Protection. Tikrit Journal of Engineering Sciences, 27(2), 1-14.




Tikrit Journal of Engineering Sciences (2020) 27(2) 1-14.

Using Flask for SQLIA Detection and Protection

Ann Z. Ablahd *1, Suhair A. Dawwod 2

1 Computer Engineering Dept. / Technical College / Northern Technical University / Kirkuk-Iraq

2 Management Information System Dept. / Administration & Economic / College / Mosul-Iraq

* Corresponding author: drann@ntu.edu.iq  

DOI: http://dx.doi.org/10.25130/tjes.27.2.01


Web applications are now used for most everyday activities, and they are affected by an attack called the Structured Query Language Injection Attack (SQLIA) because of vulnerabilities in the web application. These vulnerabilities are increasing because most application developers do not consider security during design. SQL injection is a common attack against web applications: the attacker adds Structured Query Language (SQL) code to a web page in order to access and change the victim's databases. A vital step in securing the database and detecting such an attack in web apps is preparing a tool. Many researchers have proposed different ways to detect and prevent such attacks. In this paper, a tool is proposed that uses Flask, a powerful micro-framework for building web applications, in Python 3.7 to detect and prevent such attacks. The proposed system is called SQLIAD. SQLIAD analyzes a web application online.


Keywords: SQL injection, Flask, vulnerability, Web application, Python, Django
