Evaluating and mitigating SQL injections in web applications: developing a prototype

Keywords:

SQL injection, web application security, prototype, usability, Scrum methodology.

Abstract

In the current context of increasing digital vulnerability, SQL injections continue to pose a critical threat to web application security. To address this issue, SecureSQLTester was developed: a prototype aimed at detecting and mitigating SQL injection attacks, designed to be accessible to developers and small businesses. The proposal was based on a systematic review of existing techniques, integrating both classical and advanced protection approaches. The prototype was developed using the agile Scrum methodology, which enabled progressive improvements through iterative work cycles. Usability tests were conducted with software engineering students, who evaluated the tool in simulated scenarios. The results show that SecureSQLTester accurately identifies SQL injection vulnerabilities in the evaluated applications. However, opportunities for improvement were identified in the user interface, as well as a need to enhance parameter customization according to the usage context. Overall, the findings support the potential of the prototype as an effective and low-cost tool to strengthen cybersecurity in small- and medium-scale development environments and to promote the adoption of best practices throughout the software lifecycle.

Published

2025-07-07

Section

Research Articles for the Regular Issue

How to Cite

“Evaluating and mitigating SQL injections in web applications: developing a prototype”, LAJC, vol. 12, no. 2, pp. 13–25, Jul. 2025. Accessed: Oct. 02, 2025. [Online]. Available: https://lajc.epn.edu.ec/index.php/LAJC/article/view/441