Risk assessment of SQL injection: An experimental study

The Web applications often handle confidential data such as Internet account passwords, credit card numbers, and so on. These sensitive data are generally transmitted over the Internet and therefore, exposed to the public. Given that, there is a very high risk of unlawfully accessing these data by hackers and others, especially since web applications are becoming notoriously vulnerable and are the target of a majority of Internet-based attacks. This paper proposes an assessment of web scanners that used for detecting web applications security flaws. In particular, we're focusing on SQL injection vulnerability in web applications.