Skip to Main Content
SQL injection attacks occur due to vulnerabilities in the design of queries where a malicious user can take advantage of input opportunities to insert code in the queries that modify the query-conditions resulting in unauthorized database access. We provide a novel technique to identify the possibilities of such attacks. The central theme of our technique is based on automatically developing a model for a SQL query such that the model captures the dependencies between various components (sub-queries) of the query. We, then, analyze the model using CREST test-case generator and identify the conditions under which the query corresponding to the model is deemed vulnerable. We further analyze the obtained condition-set to identify its subset; this subset being referred to as the causal set of the vulnerability. Our technique considers the semantics of the query conditions, i.e., the relationship between the conditions, and as such complements the existing techniques which only rely on syntactic structure of the SQL query. In short, our technique can detect vulnerabilities in nested SQL queries, and can provide results with no false positives or false negatives when compared to the existing techniques.