Method For Generating Test Data For Detecting SQL Injection Vulnerability in Web Application

Author(s):  
Nor Fatimah Awang ◽  
Ahmad Dahari Jarno ◽  
Syahaneim Marzuki ◽  
Nor Azliana Akmal Jamaludin ◽  
Khairani Abd Majid ◽  
...  
2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833

An SQL injection attack (SQLIA) occurs when an attacker inserts malicious SQL code into a valid query statement through an input that is not validated. The relational database management system then executes the malicious query, which is what constitutes the SQL injection attack. After successful execution it may compromise the confidentiality, integrity and availability (CIA) of the web API. The vulnerability of a Web Application Programming Interface (API) is the primary concern for any programming effort. A Web API is mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, or on Representational State Transfer (REST), an architectural style that relies on the transport layer for its security measures. Most of the time developers, and new programmers in particular, do not follow safe programming standards and forget to validate the input fields of their forms. This vulnerability in the web API opens the door to threats and makes it a cakewalk for an attacker to exploit the database associated with the web API. The objective of the paper is to automate the detection of SQL injection attacks and to secure poorly coded web API access across large volumes of network traffic. The Snort and Moloch approaches are used to develop a hybrid model that automatically detects and analyzes SQL injection attacks for the prototype system.
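The abstract describes detecting SQL injection in network traffic with a Snort/Moloch hybrid but does not show what such content matching looks like. The following Python example is added here for illustration; it is not code from the paper, from Snort or from Moloch. It decodes the query parameters of HTTP request lines and matches them against a handful of signature patterns for common payload shapes (tautology, UNION SELECT, stacked statement, time-based probe, comment truncation). The signatures and the request lines are constructed for this example; the double decode shows one evasion a single-decode inspector misses, and the last request shows the false positive that naive signatures produce on benign text.

```python
import re
from typing import List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Illustrative payload signatures in the spirit of content-matching IDS rules.
# Written for this example; they are NOT rules from the paper, Snort or Moloch.
SQLI_SIGNATURES = [
    # ' OR '1'='1   /   ' or 1=1
    ("tautology", re.compile(r"""['"]\s*or\s+['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I)),
    # UNION SELECT / UNION ALL SELECT, also with /**/ used as a separator
    ("union_select", re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.I)),
    # ; DROP TABLE ...  (stacked statement)
    ("stacked_query", re.compile(r";\s*(?:drop|delete|update|insert|exec)\b", re.I)),
    # time-based blind probes
    ("time_based", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    # comment sequence used to truncate the rest of the statement
    ("comment", re.compile(r"--|/\*")),
]


def decode_request_params(request_line: str) -> List[Tuple[str, str]]:
    """Split 'METHOD target HTTP/x' and return its query parameters, decoded.

    parse_qsl percent-decodes once; the extra unquote_plus also exposes
    double-encoded payloads (%2527 -> %27 -> ') that a single decode misses.
    """
    _method, target, _version = request_line.split(" ", 2)
    query = urlsplit(target).query
    return [(name, unquote_plus(value))
            for name, value in parse_qsl(query, keep_blank_values=True)]


def inspect_request(request_line: str) -> List[Tuple[str, str, str]]:
    """Return (parameter, signature, decoded value) for every parameter whose
    decoded value matches a signature. One alert per parameter; first hit wins."""
    alerts = []
    for name, value in decode_request_params(request_line):
        for sig_name, pattern in SQLI_SIGNATURES:
            if pattern.search(value):
                alerts.append((name, sig_name, value))
                break
    return alerts


# Constructed sample traffic (not captured from any real system).
SAMPLE_REQUESTS = [
    "GET /login?user=alice&pass=Summer2019 HTTP/1.1",                           # benign
    "GET /login?user=admin%27%20OR%20%271%27%3D%271&pass=x HTTP/1.1",           # tautology
    "GET /item?id=5%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1",
    "GET /item?id=5%3B%20DROP%20TABLE%20users%3B-- HTTP/1.1",                    # stacked
    "GET /item?id=5%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1",           # double-encoded
    "GET /search?q=rock+--+roll HTTP/1.1",                                      # false positive
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line)
        for param, sig, value in inspect_request(line):
            print(f"  ALERT {sig:<14} param={param!r} value={value!r}")
```

The `q=rock -- roll` request is flagged by the comment signature although it is plain text: signature matching alone gives neither zero false positives nor resistance to obfuscation (case changes and inline comments are handled here, but many other encodings are not), which is why the paper pairs Snort-style matching with traffic analysis rather than relying on either alone.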


2020 ◽  
Vol 7 (4) ◽  
pp. 853
Author(s):  
Imam Riadi ◽  
Anton Yudhana ◽  
Yunanri W

The Open Journal System (OJS) is software that serves as a platform for scientific publication and is used throughout the world. An OJS instance that is not monitored is at risk of being attacked by hackers. Vulnerabilities exploited by hackers will adversely affect the performance of an OJS. The problems faced by the OJS system include the network, port discovery, and the audit and exploitation process of the OJS system. The system audit process on the OJS covers SQL injection, bypassing the firewall and breaking passwords. The input parameters used are the IP address and the open access port. The method used is vulnerability assessment, which consists of several stages: information gathering or footprinting, vulnerability scanning, and reporting. This activity aims to identify security holes in an Open Journal System (OJS) website. This study uses the Open Web Application Security Project (OWASP). The tests carried out identified 70 high, 1929 medium and 4050 low vulnerabilities in OJS; the total vulnerability count for the tested OJS was 6049. The results show that OJS version 2.4.7 has many vulnerabilities and is not recommended for use. Use the latest version released by the OJS Public Knowledge Project (PKP).


Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia

Due to the huge growth in the need for Web applications worldwide, programmers have put great effort into developing and implementing new Web applications for companies. Since a number of these applications lack proper security considerations, malicious users are able to gain unauthorized access to organizations' confidential information. SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract confidential information from organizations' databases. It works by injecting malicious SQL code through the web application, causing unexpected behavior from the database. There are a number of SQL injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.


2021 ◽  
pp. 568-585
Author(s):  
Joanna Hazaline Binti Johny ◽  
Wafa Athilah Fikriah Binti Nordin ◽  
Nurrina Mizana Binti Lahapi ◽  
Yu-Beng Leau

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Khuda Bux Jalbani ◽  
Muhammad Yousaf ◽  
Muhammad Shahzad Sarfraz ◽  
Rozita Jamili Oskouei ◽  
Akhtar Hussain ◽  
...  

Since the SQL injection attack has remained at the top of the Open Web Application Security Project (OWASP) list for more than a decade, this type of attack has created many kinds of issues for web applications, sensors and similar applications, such as leakage of users' private data and organizations' intellectual property, and it may also cause Distributed Denial of Service (DDoS) attacks. This paper focuses first on poor coding and unvalidated input fields, which are a major cause of service unavailability for web applications. Secondly, it focuses on issues created by the choice of program for the WebSocket connections between sensors and the web server. The number of users of web applications and mobile apps is growing. These web applications and mobile apps are used for different purposes such as tracking vehicles, banking services, online shopping, taxi booking, logistics, education, monitoring user activities, collecting data, sending instructions to sensors, and social websites. Web applications are easy to develop in little time and at low cost, so a website and a mobile app are the first choice of the business community and of individual service providers, and everyone tries to provide 24/7 service to users without any downtime. But there are critical issues in web application design and development, and these problems lead to many security loopholes for web servers, web applications and their users' privacy. Because of poor coding and missing validation of input fields, these web applications are vulnerable to SQL injection and other security problems. Apart from the choice of third-party frameworks, website development language and database server version, another factor that may disturb the services of a web server is the socket programming for sensors at the production level. These sensors are installed in vehicles for tracking, or are used by booking mobile apps.
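The abstracts above (the web API paper, Amirtahmasebi and Jalalinia, and Jalbani et al.) all trace SQL injection to input that reaches the query unvalidated and unescaped. The Python example below is added here to show the defect and its fix side by side; it is not code from any of these papers. It builds an in-memory SQLite table with constructed accounts, implements a login check that concatenates user input into the statement, the same check with bound parameters, and an allow-list validator of the kind the abstracts say developers forget. The table layout, the accounts and the username policy are assumptions for the example; passwords are stored in plaintext only to keep it short.

```python
import re
import sqlite3
from typing import Optional

# Assumed allow-list policy for usernames (example only).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def build_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Summer2019"), ("admin", "c0rrect-h0rse")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Deliberately vulnerable: input is concatenated into the SQL text, so a
    quote in the input ends the literal and the rest is parsed as SQL."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Fixed: placeholders send the input as data. A quote in the payload is
    just a character inside a string value and never becomes SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def is_valid_username(username: str) -> bool:
    """Input validation as defence in depth. It rejects the payloads below,
    but it does not replace parameterization (fields that must accept quotes,
    such as names, cannot be allow-listed this tightly)."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = build_db()
    # Comment truncation: the rest of the WHERE clause is commented out.
    payload = "admin' --"
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))      # admin
    print("parameterized:", login_parameterized(db, payload, "wrong"))  # None
    print("validator accepts payload:", is_valid_username(payload))     # False
```

The vulnerable function logs in as `admin` with the username `admin' --` and any password, because the query it builds reads `... WHERE username = 'admin' --' AND password = 'wrong'` and everything after `--` is a comment. The parameterized version looks for a user literally named `admin' --` and finds nothing.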

