Q: What is SQLChop? How does it work?
A: SQLChop is a novel SQL injection detection engine. It works by performing SQL tokenizing and syntax analysis on the decoded payload of the original web input. Benchmark tests show that SQLChop really works like a charm at detecting SQLi, with both precision and recall at a very high level.
SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input (URLPath, body, cookie, etc.) is first decoded to the raw payloads that the web app accepts, then syntactical analysis is performed on each payload to classify the result. The algorithm behind SQLChop is based on compiler knowledge and automata theory, and runs with a time complexity of O(N).
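A reduced sketch of the decode-then-tokenize pipeline described above, as an added example: it is not SQLChop's code or algorithm, and the keyword set, token classes, rules, function names and sample inputs are all constructed assumptions.

```python
import re
from urllib.parse import unquote_plus
# Constructed, heavily reduced keyword set and rules (assumptions for this sketch).
KEYWORDS = {"select", "union", "all", "from", "where", "or", "and",
            "insert", "update", "delete", "drop", "into"}
TOKEN_RE = re.compile(r"""
    (?P<skip>\s+|--[^\n]*|\#[^\n]*|/\*.*?\*/)     # whitespace and comments
  | (?P<s>'(?:[^'\\]|\\.)*'?|"(?:[^"\\]|\\.)*"?)  # string, possibly unterminated
  | (?P<n>\d+(?:\.\d+)?)                          # number
  | (?P<word>[A-Za-z_]\w*)                        # keyword or identifier
  | (?P<op>[=<>!]+|.)                             # operator or any other character
""", re.VERBOSE | re.DOTALL)
SUSPICIOUS = [  # matched against the token stream, never against raw text
    re.compile(r" union (all )?select "),
    re.compile(r" (or|and) [ns] = [ns] "),
    re.compile(r" ; (select|insert|update|delete|drop) "),
]
SAMPLES = ["1%27%20OR%201%3D1--%20",  # constructed inputs: 2 injections, 1 benign
           "1%2527%2520UNION%252F%252A%252A%252FSELECT%2520pw%2520FROM%2520users",
           "O%27Reilly+and+Sons"]

def decode(raw, max_rounds=3):
    # Assumes form-style URL encoding; repeats (bounded) to unwrap double encoding.
    for _ in range(max_rounds):
        nxt = unquote_plus(raw)
        if nxt == raw:
            break
        raw = nxt
    return raw

def tokenize(payload):
    # Token classes: s=string, n=number, i=identifier; keywords/operators as-is.
    out = []
    for m in TOKEN_RE.finditer(payload):
        kind, text = m.lastgroup, m.group().lower()
        if kind == "word":
            kind = text if text in KEYWORDS else "i"
        if kind != "skip":
            out.append(text if kind == "op" else kind)
    return out

def looks_like_sqli(raw):
    payload = decode(raw)
    # The value may land bare, inside '...' or inside "..." in the query: try each.
    for prefix in ("", "'", '"'):
        stream = " " + " ".join(tokenize(prefix + payload)) + " "
        if any(p.search(stream) for p in SUSPICIOUS):
            return True
    return False
```

Because the rules see token classes rather than characters, mixed case, inline comments and double encoding are normalized away before matching, while ordinary text that merely contains SQL keywords or an apostrophe is not flagged.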