@article{Baklizi_Atoum_Abdullah_Al-Wesabi_Otoom_Hasan_2022, title={A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap}, volume={10}, url={https://ijisae.org/index.php/IJISAE/article/view/2141}, abstractNote={<p>SQL injection is considered one of the most dangerous threats to websites and also databases, such vulnerability enabling the attacker to access the web and the databases. As it accesses databases it might change, steal the data, or destroy the database utterly. Currently, and with the implementation of sqlmap found in the literature being scarce and limited, SQL injection detection tools and methods are used without any detailed analysis of their strength and weakness. This paper demonstrated different types of SQL injection with an example, also we know how to detect the SQL injection, the paper shows the important tools that enable the detection of dangerous attacks to prevent the SQL injection and compares them according to the important performance parameter measures. Finally, with the implementation adopted on an ethical and legal website, the proposed paper implemented the most important tool which is called sqlmap. The implementation results reveal access to the database and extract the username and password.</p>}, number={3}, journal={International Journal of Intelligent Systems and Applications in Engineering}, author={Baklizi, Mahmoud and Atoum, Issa and Abdullah, Nibras and Al-Wesabi, Ola A. and Otoom, Ahmed Ali and Hasan, Mohammad Al-Sheikh}, year={2022}, month={Oct.}, pages={75–85} }