WASP: A technique for detecting SQL Injection Attacks, which is based on positive tainting and syntax-aware evaluation.
AMNESIA: A model-based approach for detecting SQL Injection Attacks. This approach uses static analysis to build a model of an application's legal queries to the database and then, at runtime, checks to make sure that all queries match the model.
SQL Injection Application Testbed: Repository of web applications that contain vulnerabilities to SQL Injection Attacks. Includes source and the test inputs that we used to evaluate the AMNESIA and WASP approaches.