Hello, I am planning to do my thesis on SQLIA and now I am trying to understand something about SQLrand. SQLrand is a system for preventing SQLIA against web servers. The main intuition is that by using a randomized SQL query language, specific to a particular CGI application, it is possible to detect and abort queries that include injected code. Now, I do not understand how to randomize the SQL query language. https://www.w3schools.com/sql/func_sqlserver_rand.asp Is that how you randomize the SELECT SQL command? Please give me some guidelines. Thanks in advance.

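Added example, not part of the original post: a simplified Python sketch of the keyword randomization the question describes, where the application's own SQL keywords carry a secret key and a proxy in front of the database strips the key and aborts any query containing an untagged keyword. This is unrelated to the SQL `RAND()` function. The keyword subset, the key `8241` and all function names are assumptions made for illustration.

```python
import re

# Constructed subset of SQL keywords; a real proxy would cover the whole grammar.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION",
            "INSERT", "UPDATE", "DELETE", "DROP"}
KEY = "8241"  # constructed sample key; it must stay secret from clients

# Tokens: quoted string literal, identifier/keyword, or any other single character.
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_][A-Za-z_0-9]*|\S")


class InjectionDetected(Exception):
    """Raised by the proxy when a standard (untagged) keyword is seen."""


def randomize(template, key=KEY):
    """Developer side: append the key to every keyword in the app's query text."""
    def tag(m):
        tok = m.group(0)
        return tok + key if tok.upper() in KEYWORDS else tok
    return TOKEN.sub(tag, template)


def derandomize(query, key=KEY):
    """Proxy side: strip the key from tagged keywords, abort on untagged ones."""
    def untag(m):
        tok = m.group(0)
        if tok.upper() in KEYWORDS:
            # Plain keyword: it did not come from the application's template.
            raise InjectionDetected(tok)
        if tok.endswith(key) and tok[:-len(key)].upper() in KEYWORDS:
            return tok[:-len(key)]
        return tok  # identifiers, literals, operators pass through unchanged
    return TOKEN.sub(untag, query)


def build_query(user_input):
    # Deliberately unsafe concatenation: only the template's keywords get the key.
    return randomize("SELECT name FROM users WHERE id = ") + user_input


if __name__ == "__main__":
    for value in ("42", "42 OR 1=1"):  # constructed sample inputs
        try:
            print("forwarded:", derandomize(build_query(value)))
        except InjectionDetected as exc:
            print("aborted, untagged keyword:", exc)
```

The protection depends on the key staying secret and being hard to guess, and keywords inside complete string literals are left alone because the tokenizer treats the whole literal as one token.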