A project to demonstrate SQL injection prevention techniques. This project is an implementation of the following papers
- Detection of SQL injection attacks by removing the parameter values of SQL query
- Prevention of SQL Injection Attacks using Query Hashing Technique
The compareQueries function in the server/index.js file of every branch contains code that implements the papers.
The param-removal branch contains code for Paper 1 and query-hash branch contains code for Paper 2.
The injections.txt file contains injections to test the prevention methods. The main branch is vulnerable to these injections while the other branches are not.
- MySQL must be installed to run this application. To install MySQL visit https://www.mysql.com/downloads/
- Clone the repository and open it the terminal
- Open the client and server folders in the terminal and run
npm installin both to install packages to run the application - Populate your MySQL credentials between lines 14-20 of server/index.js
- Create a table in your database using the following command
Create table users(username varchar(100), password varchar(100));
- Open the server folder and run
node index.jsto start the server - Open the client folder and run
npm startto start the front-end - The application will visible on http://localhost:3000/