I am planning to do my Thesis on SQLIA and now I am trying to understand something about SQLrand.
SQLrand - a system for preventing SQLIA against web servers. The main intuition is that by using a randomized SQL query language, specific to a particular CGI application, it is possible to detect and abort queries that include injected code.
Now, I do not understand how to randomized the SQL query language?
is that how you randomize the SELECT SQL command ?
Please gives me some guidelines.
Thanks in advance.