Article code: 456579
Journal code: 695741
Publication year: 2009
English article: 9-page PDF
Full-text version: Free download
English title of the ISI article
SDriver: Location-specific signatures prevent SQL injection attacks
Related topics
Engineering and Basic Sciences > Computer Engineering > Computer Networks and Communications
English abstract

SQL injection attacks involve the construction of application input data that will result in the execution of malicious SQL statements. Many web applications are prone to SQL injection attacks. This paper proposes a novel methodology of preventing this kind of attack by placing a secure database driver between the application and its underlying relational database management system. To detect an attack, the driver uses stripped-down SQL queries and stack traces to create SQL statement signatures that are then used to distinguish between injected and legitimate queries. The driver depends neither on the application nor on the RDBMS and can be easily retrofitted to any system. We have developed a tool, SDriver, that implements our technique and used it on several web applications with positive results.

Publisher
Database: Elsevier - ScienceDirect
Journal: Computers & Security - Volume 28, Issues 3–4, May–June 2009, Pages 121–129
Authors
, ,