Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy

2012 ◽  
pp. 252-263 ◽  
Author(s):  
S. Fouzul Hidhaya ◽  
Angelina Geetha
Keyword(s):  
Sql Injection ◽  
Cross Site

SQL Code Poisoning

2011 ◽  
pp. 161-171
Author(s):  
Theodoros Tzouramanis
Keyword(s):  
Anomaly Detection ◽  
Management System ◽  
Database Management ◽  
Query Language ◽  
Database Management System ◽  
Sql Injection ◽  
Database Administrator ◽  
Structured Query Language ◽  
Sql Injection Attack ◽  
Cross Site

Anomaly Detection; Cookie Poisoning; CRLF Injection Attack; Cross-Site Scripting (or CSS) Attack Database Administrator (DBA); Database Management System (DBMS); Database Structured Query Language (SQL); Directory Traversal Attack; Google Hacking Attack; Secrecy; Integrity; and Availability; SQL Code Poisoning (or SQL Injection) Attack

scholarly journals Automatic creation of SQL Injection and cross-site scripting attacks

2009 ◽  
Author(s):  
Adam Kieyzun ◽  
Philip J. Guo ◽  
Karthick Jayaraman ◽  
Michael D. Ernst
Keyword(s):  
Sql Injection ◽  
Cross Site

scholarly journals Analysis of Hacker Attack Using Honeypot High Interaction

2018 ◽  
Vol 14 ◽  
Author(s):  
Wahyu Purnama Sari ◽  
I Nyoman Adhi Palguna Putra
Keyword(s):  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Brute Force ◽  
Security Technology ◽  
Security Systems ◽  
Sql Injection ◽  
Wide Range ◽  
High Interaction ◽  
A Company ◽  
Cross Site

Information is a corporate asset that should be kept confidential access to parties who are not responsible. Aspects of the security of the information to be protected includes the Confidentiality, Integrity and Availability. A wide range of attacks and threats can be made to take over the assets of the desired information. A hacker is someone who has the ability to penetrate security systems of a company. There are several types of hacker attacks performed, i.e. SQL Injection, Cross Site Scripting (XSS), Brute Force, Distributed-Denial-of-Service (DDoS), Inclusion, Code Injection and more. Honeypot is a security technology that aims to identify, find security gaps and contribute actively when there are security intrusions on information technology activities. High Interaction Honeypot (Hihat) may record and collect information more specific attacks and more. The type of attack that was recorded by the Honeypot Hihat is then analyzed to find out the type of attack that most got into XYZ Company.

scholarly journals Models and scenarios of implementation of threats for internet resources

2020 ◽  
Vol 8 (6) ◽  
pp. 9-33
Author(s):  
S. A. Lesko
Keyword(s):  
Web Application ◽  
Query Language ◽  
Sql Injection ◽  
Web Resource ◽  
Injection Attacks ◽  
Sql Injections ◽  
Sql Injection Attacks ◽  
Client Side ◽  
Cross Site ◽  
The Web

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.

scholarly journals Analisis Keamanan pada Aplikasi Her-registrasi Online Mahasiswa Universitas Diponegoro

2016 ◽  
Vol 4 (3) ◽  
pp. 479
Author(s):  
Hilal Afrih Juhad ◽  
R. Rizal Isnanto ◽  
Eko Didik Widianto
Keyword(s):  
Security Analysis ◽  
Audit Report ◽  
Security Audit ◽  
Sensitive Data ◽  
Sql Injection ◽  
Online Application ◽  
Injection Attacks ◽  
Sql Injection Attacks ◽  
Application Developers ◽  
Cross Site

The security aspect is often forgotten in the application of Information Technology. The attacks were caused by the negligence of the developer causes damage to the system used. SQL Injection attacks, Cross Site Scripting attacks, and no use of encrypted channels lead to the exposure of sensitive data users. Objectives of this research is to perform an audit and analysis of the security aspects against the Her-registration Colege Students Online Application of Diponegoro University. Audit and security analysis is prevention step so that the vulnerabilities found not to be a entrances to the system hackers. The results of this research are a security audit report that contains the vulnerability Her-registration College Students Online Application of Diponegoro University. The audit report will be used as a reference for application developers Her-registration Colege Students Online Application of Diponegoro University to improve the system.

Sign in / Sign up

Export Citation Format

Share Document