Evaluación y mitigación de inyecciones SQL en aplicaciones web: desarrollo de un prototipo

Nancy Magali Rodriguez Gavilanes; Byron Daniel Loor Mendoza; Lucrecia Alejandrina Llerena Guevara

Evaluating and mitigating SQL injections in web applications: developing a prototype

Authors

Nancy Magali Rodriguez Gavilanes Quevedo State University https://orcid.org/0000-0002-0861-4352
Byron Daniel Loor Mendoza Quevedo State University https://orcid.org/0009-0002-8110-5375
Lucrecia Alejandrina Llerena Guevara Quevedo State University https://orcid.org/0000-0002-4562-6723

Keywords:

SQL injection, web application security, prototype, usability, Scrum methodology.

Abstract

In the current context of increasing digital vulnerability, SQL injections continue to pose a critical threat to web application security. To address this issue, SecureSQLTester was developed—a prototype aimed at detecting and mitigating SQL injection attacks, designed to be accessible to developers and small businesses. The proposal was based on a systematic review of existing techniques, integrating both classical and advanced protection approaches. The prototype was developed using the agile Scrum methodology, which enabled progressive improvements through iterative work cycles. Usability tests were conducted with software engineering students, who evaluated the tool in simulated scenarios. The results show that SecureSQLTester accurately identifies SQL vulnerabilities in the evaluated applications. However, opportunities for improvement were identified in the user interface, as well as the need to enhance parameter customization according to the usage context. Overall, the findings support the potential of the prototype as an effective and low-cost tool to strengthen cybersecurity in small- and medium-scale development environments and to promote the adoption of best practices throughout the software lifecycle.

Downloads

Download data is not yet available.

Downloads

Published

2025-07-07

Issue

Vol. 12 No. 2 (2025)

Section

Research Articles for the Regular Issue

License

Copyright Notice

Authors who publish this journal agree to the following terms:

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-Non-Commercial-Share-Alike 4.0 International 4.0 that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.

Disclaimer

LAJC in no event shall be liable for any direct, indirect, incidental, punitive, or consequential copyright infringement claims related to articles that have been submitted for evaluation, or published in any issue of this journal. Find out more in our Disclaimer Notice.

How to Cite

[1]

“Evaluating and mitigating SQL injections in web applications: developing a prototype”, LAJC, vol. 12, no. 2, pp. 13–25, Jul. 2025, Accessed: Oct. 23, 2025. [Online]. Available: https://lajc.epn.edu.ec/index.php/LAJC/article/view/441