Enhancement of Web Application Security using SQLMap and Machine Learning

M. Fathima Begum, Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India
Lekha Sree C, Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India
Manasa P, Computer Science & Engineering (Cyber Security), Madanapalle Institute of Technology & Science, Madanapalle, India

Vol 9 No 25 (2025): Volume 9, Special Issue of INSPIRE’25 April 2025 | Pages: 267-272

International Research Journal of Innovations in Engineering and Technology

OPEN ACCESS | Research Article | Published Date: 24-04-2025

DOI: https://doi.org/10.47001/IRJIET/2025.INSPIRE43

Abstract

SQL Injection (SQLi) is a critical vulnerability that allows attackers to manipulate databases through malicious queries. To detect such vulnerabilities in web applications, we integrated SQLMap, a penetration testing tool, with a Random Forest machine learning model. SQLMap automates vulnerability detection, and its commands are further wrapped so that users can run tests by entering simple numerical menu choices, improving usability and efficiency. The data collected through SQLMap is analyzed by the Random Forest classifier, which is trained on labeled datasets of malicious and benign queries to predict vulnerabilities with high accuracy. This automation streamlines the process, making penetration testing faster and accessible even to non-technical users. The approach is scalable and can be extended to detect other vulnerability classes such as Cross-Site Scripting or Remote Code Execution, providing an efficient and user-friendly solution that enhances web application security while contributing to broader cyber security advancements.

Keywords

SQL Injection (SQLi), Machine Learning, SQLMAP, classifier, cyber security

Citation of this Article

M. Fathima Begum, Lekha Sree C, & Manasa P. (2025). Enhancement of Web Application Security using SQLMap and Machine Learning. In proceeding of International Conference on Sustainable Practices and Innovations in Research and Engineering (INSPIRE'25), published by IRJIET, Volume 9, Special Issue of INSPIRE’25, pp 267-272. Article DOI https://doi.org/10.47001/IRJIET/2025.INSPIRE43
