Enhancement of Web Application Security using SQLMap and Machine Learning

Abstract

SQL Injection (SQLi) is a critical vulnerability that allows attackers to manipulate databases through malicious queries. To detect such vulnerabilities in web applications, we integrated SQLMAP, a penetration testing tool, with a Random Forest machine learning model. SQLMAP automates vulnerability detection, and its commands are themselves automated so that users can run tests by entering simple numerical inputs, which improves usability and efficiency. Data collected through SQLMAP is analyzed by the Random Forest classifier, trained on labeled datasets of malicious and benign queries, to predict vulnerabilities with high accuracy. This automation streamlines the process, making penetration testing faster and accessible even to non-technical users. The approach is scalable and can be extended to detect other vulnerabilities such as Cross-Site Scripting or Remote Code Execution, providing an efficient and user-friendly solution that strengthens web application security while contributing to broader cybersecurity advancements.
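The classifier stage of the pipeline described above (a Random Forest trained on labelled malicious and benign inputs) can be shown in miniature. The following is an added example, not code from the paper: a from-scratch random forest (bootstrapped, depth-limited decision trees, each split choosing among a random feature subset) over hand-picked lexical features of a submitted parameter value; the feature list and the labelled samples are constructed assumptions, not the paper's dataset.

```python
import random
import re

FEATURES = [  # assumed lexical features of a raw parameter value, not the paper's feature set
    r"'",                                    # single quotes
    r"--|#|/\*",                             # SQL comment openers
    r"\bunion\b|\bselect\b",                 # data-extraction keywords
    r"\bor\b\s*\S+\s*=\s*\S+",               # tautology such as OR 1=1
    r";|\bdrop\b",                           # stacked or destructive statements
    r"\bsleep\b|\bbenchmark\b|\bwaitfor\b",  # time-based blind probes
]
SAMPLES = [  # constructed, labelled training data: 1 = injection attempt, 0 = benign input
    ("1' OR '1'='1", 1), ("admin'--", 1), ("1 UNION SELECT user, pass FROM accounts", 1),
    ("1; DROP TABLE orders--", 1), ("1' AND SLEEP(5)--", 1), ("' OR 1=1#", 1),
    ("x') UNION SELECT NULL,NULL/*", 1), ("1' WAITFOR DELAY '0:0:5'--", 1), ("42", 0),
    ("jane.doe@example.com", 0), ("O'Brien", 0), ("red running shoes", 0), ("2025-04-01", 0),
    ("rock 'n' roll", 0), ("select all that apply", 0), ("it's fine", 0),
]

def featurize(value):  # count vector of FEATURES hits, case-insensitive
    return [len(re.findall(p, value.lower())) for p in FEATURES]
def majority(labels):  # leaf label; ties resolve towards "injection"
    return int(sum(labels) * 2 >= len(labels))
def gini(labels):  # 2p(1-p) impurity of a binary label list
    return 2 * sum(labels) * (len(labels) - sum(labels)) / len(labels) ** 2 if labels else 0.0
def build_tree(X, y, rng, depth, k):  # each split considers only k randomly chosen features
    if depth == 0 or len(set(y)) == 1:
        return majority(y)
    def split(f, t):  # row indices going left (value <= t) and right (> t)
        return [i for i in range(len(X)) if X[i][f] <= t], [i for i in range(len(X)) if X[i][f] > t]
    def impurity(ft):  # weighted Gini impurity of the two children
        return sum(len(s) * gini([y[i] for i in s]) for s in split(*ft)) / len(y)
    f, t = min([(f, t) for f in rng.sample(range(len(FEATURES)), k) for t in {r[f] for r in X}], key=impurity)
    left, right = split(f, t)
    if not left or not right:  # no candidate feature separates these rows
        return majority(y)
    return (f, t, build_tree([X[i] for i in left], [y[i] for i in left], rng, depth - 1, k),
            build_tree([X[i] for i in right], [y[i] for i in right], rng, depth - 1, k))
def train_forest(samples=SAMPLES, n_trees=40, depth=4, k=3, seed=7):  # bagging + feature subsets
    rng = random.Random(seed)
    X, y = [featurize(v) for v, _ in samples], [label for _, label in samples]
    boots = ([rng.randrange(len(X)) for _ in X] for _ in range(n_trees))  # bootstrap index draws
    return [build_tree([X[i] for i in idx], [y[i] for i in idx], rng, depth, k) for idx in boots]

def predict(forest, value):  # majority vote across trees: 1 = injection, 0 = benign
    x, votes = featurize(value), 0
    for node in forest:
        while isinstance(node, tuple):  # descend until a leaf label is reached
            node = node[2] if x[node[0]] <= node[1] else node[3]
        votes += node
    return int(votes * 2 > len(forest))
```

A real deployment would replace the hand-picked regexes with features derived from the tool's own output and a far larger labelled corpus; the structure of the ensemble is what this block demonstrates.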

Country: India

M. Fathima Begum (1), Lekha Sree C (2), Manasa P (3)

  1. Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India
  2. Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India
  3. Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India

IRJIET, Volume 9, Special Issue of INSPIRE’25, April 2025, pp. 267–272

doi.org/10.47001/IRJIET/2025.INSPIRE43
