Web applications are constantly being developed to make life easier and more convenient for businesses and customers; it makes intruders involved in conducting malicious activities. Intruders use vulnerabilities to perform malicious attacks, and injection is the top-ranked vulnerability of web applications. SQL injection is a technique of code injection that places malicious code through web page input in SQL statements. Several numbers of case studies are found in previous research on vulnerability in the web application layer. Various models are introduced, built, and compared with many current SQL injection models and other vulnerabilities in the web application layer. However, there are few automation detections works on SQL injection that provide high precision and no finite state model-based works. This research aimed to propose a model and develop an automated SQL injection detection tool called ADT-SQLi based on the proposed model. In addition, this work was intended to simulate the proposed model with automata called a finite state machine. ADT-SQLi provides better efficacy on the identification of SQL injection and found ADT-SQLi as a finite model as it has exactly one of a finite number of states at any given time.