Vulnerability Mitigation of Web Data Bases by Identification of SQL Blind Injection Based on Customer Request

Abstract:
In recent years, SQL injection attacks have been considered one of the serious threats to web applications that make use of databases. These internet-based attacks inject unwanted SQL into the database through an input parameter. Various methods for preventing SQL injection attacks have been introduced, all of which work on the service provider's side and involve the web application code or the database query code. This article presents a new method for preventing injection attacks that works on the requests sent to the service provider: it protects the web application by identifying that the user is sending unwanted SQL to be injected into the database. Since the customer's request is accessible both at the point where it leaves the customer and at the point where it enters the service provider, the possibility of implementing this method at both of these points is reviewed. A special kind of these attacks, called "SQL Blind Injection Attacks", has been reviewed less and is therefore given particular attention in this article.
Language:
Persian
Published:
Passive Defense Quarterly, Volume:2 Issue: 2, 2011
Page:
45
magiran.com/p965140  