Threat Assessment and Management in PHP

This paper focuses on the vulnerabilities that may occur in any Web application and then removing these vulnerabilities. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to information system breach. In this paper we will discuss different types of SQL injection methods. Besides the manual testing approaches, we will try to explain some automated testing approaches which focuses on improving the accurateness and exactness of vulnerability testing. Moreover in this paper we will discuss the main principles of automated testing approach. As a rule, SQL-injection attacks depend on some weak validation of text based input data which are put to use for building database queries. Malignantly crafted input may debilitate the confidentiality and the security strategies of sites depending on the database to store and recover data. This paper introduces a unique methodology in light of static investigation to consequently recognize statements in PHP applications that may be defenseless to SQL-injection activated by either vindictive input or vindictive code.