RISK ANALYSIS OF DATABASE PRIVILEGE IMPLEMENTATION IN SQL INJECTION CASE

2016 ◽  
Vol 78 (5-7) ◽  
Author(s):  
Prajna Deshanta Ibnugraha ◽  
Lukito Edi Nugroho ◽  
Widyawan Widyawan ◽  
Paulus Insap Santosa

Software is an important thing needed by enterprises to support business. When developers build software, security must be treated as an important element. In a bad condition, security incidents can cause financial loss to the organization, so mitigation actions are needed to minimize risk. Security testing and risk analysis become the base process for choosing a good mitigation method. Implementation of database privilege is one of the mitigation methods that can be used in the SQL injection attack case. Based on DREAD analysis, it can decrease the risk of SQL injection attack from high to medium ranking.

2021 ◽  
Author(s):  
ZhongDong Zhu ◽  
ShiLin Jia ◽  
JiShuai Li ◽  
SuJuan Qin ◽  
Hui Guo

2015 ◽  
pp. 901-904
Author(s):  
Hongmin Li ◽  
Min Lu ◽  
Jianping Zhang ◽  
Xiaofang Huang

2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833

The SQL injection attack (SQLIA) occurs when the attacker integrates the code of a malicious SQL query into a valid query statement via a non-valid input. As a result, the relational database management system will trigger these malicious queries, which cause the SQL injection attack. After successful execution, it may interrupt the CIA (confidentiality, integrity and availability) of the web API. The vulnerability of the Web Application Programming Interface (API) is the prior concern for any programming. The Web API is mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, and Representational State Transfer (REST), which provides the architectural style for security measures from the transport layer. Most of the time, developers or new programmers do not follow the standards of safe programming and forget to validate the input fields in their forms. This vulnerability in the web API opens the door for threats, and it becomes a cakewalk for the attacker to exploit the database associated with the web API. The objective of the paper is to automate the detection of SQL injection attacks and secure poorly coded web API access through large network traffic. The Snort and Moloch approaches are used to develop the hybrid model for auto detection as well as to analyze the SQL injection attack for the prototype system.


This study aims to: (1) develop a conversion and recognition of prior learning (RPL) model for vocational teachers' education in the field of automotive engineering; (2) determine the quality of the software developed in terms of functional suitability, performance efficiency, compatibility, usability, reliability, maintainability, portability, and security testing based on ISO 25010. The method applied in this Research and Development (R & D) is the Borg and Gall model. The results of the study revealed that: (1) the conversion and recognition of prior learning (RPL) models for vocational teachers' education were in accordance with the requirements of the field; (2) test results on functional suitability scored 10.5 with a mean of 3.45; performance efficiency had a score of 9.5 and a mean of 3.15; compatibility scored 8 with a mean of 4; usability had a score of 19.5 and a mean of 3.2; while the reliability aspect had a score of 13.5 and a mean score of 3.37. Furthermore, the conversion and recognition of prior learning models are flexible in use and competent. Regarding the portability aspect, it is compatible with the Mozilla Firefox, Google Chrome, and Internet Explorer browsers. It is free from XSS and SQL injection vulnerabilities, as seen from the security information system.


Author(s):  
Roshni Chandrashekhar ◽  
Manoj Mardithaya ◽  
Santhi Thilagam ◽  
Dipankar Saha
