Preventing SQL Injection: Models and Defense Strategies