I am doing an investigation in to cross site scripting and sql injection and maybe other attacks for my thesis basically looking at vulnerabilities in websites that could potentially cause these attacks, I am struggling to come up with ways in which to demonstrate this. Intially I was thinking about setting up a fictional website that is vulnerable to cross site scripting and sql injections etc, and then comparing various methods to prevent this attack, for example the use of vulnerability scanner and code review etc. Anybody have any suggestions to make? What else can you suggest to add that would possibly increase the complexity of the theisis?

Try multiple websites built with different technologies. Then you can compare how they differ in preventing such attacks.

Hi thanks for your reply, when you say different websites with different technologies do you mean websites built with ASP.NET, PHP etc can you please elebortate on that

do you mean websites built with ASP.NET, PHP

Yes, there are more like perl and Ruby for example. You can also think of differences in settings between IIS, Apache and TomCat. Then there's a difference in databases like MySQL, SQL Server, Postgres, SQLite etc.

What do you reckon would be the best way that I should demonstrate this? How can I find out which website use which technology? Since setting up different website built with diffrent technologies would be quite time consuming. sorry for all these questions :)

If you want to add complexity to your thesis it will always be more time consuming. I don't think there are any shortcuts if you want to demonstrate flaws in some technological solution.