Detecting SQL Injection Using Correlative Log Analysis

2018 ◽  
Vol 7 (2.32) ◽  
pp. 389
Author(s):  
T Sreeja ◽  
Dr Manna Sheela Rani Chetty ◽  
Sekhar Babu Boddu
Keyword(s):  
Cyber Security ◽  
Web Application ◽  
Finite Automata ◽  
Cyber Attacks ◽  
Log Analysis ◽  
Security Market ◽  
Sensitive Data ◽  
Sql Injection ◽  
Automated Tools ◽  
Global Demography

The spiking landscape of cyber-attacks is reflecting its trend towards invoking vulnerabilities in a web application. The vulnerabilities seem to be over-growing second by second beside being over-coming time to time. The reason behind is, new attack vectors are often being deployed by the threat actors. The global cyber security market alone has brought a turnover of about $350 billion, which shows how wide the attack landscape is and how expensive it is to detect, protect and respond to the cyber issues. Most of the security experts have quoted that, the average cost of a data breach will exceed to $150million by 2020 and about 80 percent of the global demography were nowhere aware of such attacks. From the past few years, SQL injection is acting as a major vector in breaching the sensitive data. Detecting SQL injection through log correlation is the most effective methodology utilized under adaptive environments seeking no tool investigation. This paper exposes a detection methodology of an SQL injection attack without any mere concentration on automated tools. The paper goes with a motto of detection through configuring the available resources like web server,database,and an IDS in a way of creating adaptable environment that can bring the entire attacker information through log analysis. The paper would represent the attacker phases in a finite automata.  

Cyber Security and Business Growth

2016 ◽  
pp. 14-27
Author(s):  
Akanksha Sharma ◽  
Prashant Tandekar
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Cyber Attacks ◽  
Information And Communications Technologies ◽  
Sensitive Data ◽  
Business World ◽  
Global Information Society ◽  
Information And Communication ◽  
Customer Trust ◽  
Telecom Sector

Information and Communications Technologies (ICTs), particular the Internet, have been an increasingly important aspect of global social, political and economic life, and are the backbone of the global information society today. Their evolution and development has brought many benefits along with the threat of serious cyber-attacks that had been demonstrated over the past few years. Due to cybercrime business world drains huge money each year and incurs a large amount in resolving a single attack. It also damages organization's reputation and brand image, loss of intellectual property and sensitive data, loss of customer trust etc. Addressing major threats and challenges begins with setting up information security policy to ensure confidentiality, integrity and availability of company information and communication. Since telecom Sector is on its boom, a technological solution can solve the immediate challenges of identifying, investigating, and prosecuting computer- related crimes and changes required for long-term problem solving.

scholarly journals A lightweight cryptographic solution to secure digital transmissions on resource-constrained environments

2021 ◽  
Vol 10 (2) ◽  
pp. 38-45
Author(s):  
Saiida Lazaar
Keyword(s):  
Cyber Security ◽  
Hash Functions ◽  
Cyber Attacks ◽  
Constrained Systems ◽  
Sensitive Data ◽  
Constrained Environments ◽  
Secure Networks ◽  
Cyber Space ◽  
To Come ◽  
Main Components

The great revolution of technology and its fast growth have led to a cyber space increasingly vulnerable to cyber-attacks. For this reason, cyber security becomes paramount to protect our cyber space by presenting and implementing important solutions to protect sensitive data from malicious persons. Thereby various measures of protection have been developed and aim to minimize the risks and damages of attacks. Among them, cryptography plays a vital and crucial role in protecting sensitive transmissions and electronic exchanges through complex networks. Numerous scientific studies have emerged with the advent of the cloud and the Internet of Things (IoT); all of them have expressed a strong need for building secure, efficient and fast cryptosystems targeting confidentiality, integrity and authentication. The last two objectives are essentially built on hash functions which are the main components of many applications and secure networks. The purpose of this paper is to give recent advances of lightweight cryptographic solutions that meet the requirements of constrained systems, and to present a study, in terms of security, energy-consuming and efficiency, of the main hash functions standardized by NIST (National Institute of Standards and Technology). In the end, the paper will give a comparison between the studied hash functions aiming to come up with a recommendation of good lightweight hash functions suitable for implementation in an IoT framework.

scholarly journals Program Analysis For Database Injections

2017 ◽  
Vol 16 (6) ◽  
pp. 6977-6986
Author(s):  
Chelsea Ramsingh ◽  
Paolina Centonze
Keyword(s):  
Open Source ◽  
Private Information ◽  
Program Analysis ◽  
Query Language ◽  
Cyber Attacks ◽  
Test Cases ◽  
Sensitive Data ◽  
Sql Injection ◽  
Testing Tools ◽  
Private Data

Today businesses all around the world use databases in many different ways to store sensitive data. It is important that the data stored stay safe and does not get into the wrong hands. To perform data management in a database, the language SQL (Structured Query Language) can be used. It is extremely crucial to prevent these databases from being attacked to ensure the security of the users’ sensitive and private data. This journal will focus on the most common way hackers exploit data from databases through SQL injection, and it presents dynamic and static code testing to find and prevent these SQL cyber attacks by comparing two testing tools. It will also present a comparative analysis and static/dynamic code testing of two SQL injection detection tools. Burp Suite and Vega will be used to identify possible flaws in test cases dealing with users’ sensitive and private information. Currently, there are no comparisons of these two open-source tools to quantify the number of flaws these two tools are able to detect. Also, there are no detailed papers found fully testing the open-source Burp Suite and Vega for SQL Injection. These two open-source tools are commonly used but have not been tested enough. A static analyzer detecting SQL Injection will be used to test and compare the results of the dynamic analyzer. In addition, this paper will suggest techniques and methods to ensure the security of sensitive data from SQL injection. The prevention of SQL injection is imperative and it is crucial to secure the sensitive data from potential hackers who want to exploit it.

Cyber Security and Business Growth

2018 ◽  
pp. 1208-1221
Author(s):  
Akanksha Sharma ◽  
Prashant Tandekar
Keyword(s):  
Cyber Security ◽  
Security Policy ◽  
Cyber Attacks ◽  
Information And Communications Technologies ◽  
Sensitive Data ◽  
Business World ◽  
Global Information Society ◽  
Information And Communication ◽  
Customer Trust ◽  
Telecom Sector

Information and Communications Technologies (ICTs), particular the Internet, have been an increasingly important aspect of global social, political and economic life, and are the backbone of the global information society today. Their evolution and development has brought many benefits along with the threat of serious cyber-attacks that had been demonstrated over the past few years. Due to cybercrime business world drains huge money each year and incurs a large amount in resolving a single attack. It also damages organization's reputation and brand image, loss of intellectual property and sensitive data, loss of customer trust etc. Addressing major threats and challenges begins with setting up information security policy to ensure confidentiality, integrity and availability of company information and communication. Since telecom Sector is on its boom, a technological solution can solve the immediate challenges of identifying, investigating, and prosecuting computer- related crimes and changes required for long-term problem solving.

Comparison between Saudi Arabia and USA: Prevention and Dealing with Cyber Security

2021 ◽  
pp. 77-87
Author(s):  
Sonia Ibrahim ◽  
◽  
◽  
◽  
◽  
...  
Keyword(s):  
Saudi Arabia ◽  
Deep Learning ◽  
Cyber Security ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Sensitive Data ◽  
External Threats ◽  
The Us ◽  
Security Practices ◽  
Training And Support

Cyber security practices mainly involve the prevention of external threats to software, hardware, server data, and other assets which are connected to the internet. Organizations follow a lot of cyber security practices to protect their systems and databases from malicious cyber actors. Cybercriminals use different techniques like spear-phishing, phishing, password attack, denial of service, ransomware, etc. to cause harm to people, organizations, and governments and steal important information from them. We analyzed the use of deep learning algorithms to deal with cyber-attacks. Deep neural networks or deep learning consist of machine learning procedures to support the network to fix complex issues and learn from unmanaged data. In addition, we also analyzed some of the cyber security laws and practices implemented in the US and Saudi Arabia to work collaboratively against cyber threats. It is observed that both countries are doing well against cyberthreats, but they need to work even more to provide training and support to professionals in the public sector who handle sensitive data about cyber security.

scholarly journals Component based Web Application Firewall for Analyzing and Defending SQL Injection Attack Vectors

2019 ◽  
Vol 8 (3) ◽  
pp. 4183-4190
Keyword(s):  
Web Application ◽  
Query Language ◽  
Cyber Attacks ◽  
Sql Injection ◽  
Web Application Security ◽  
Application Security ◽  
Service Interruption ◽  
Structured Query Language ◽  
Authentication And Authorization ◽  
Hypertext Transfer Protocol

Structured query language injection is a top rated vulnerability by open web application security project community. If a web application has structured query language vulnerability in source code, then such application is prone to cyber-attacks, leading to attack on confidentiality, integrity and availability. Attackers are always ready to exploit structured query language injection vulnerabilities by executing various online attack vectors and many times successfully bypass authentication and authorization to gain privilege access on web and database server leading to service interruption, data interception, modification, fabrication and sometime complete deletion of database. The present paper is an attempt to propose an advance component based web application firewall to enhance web application security by mitigating structured query language injection attack vectors by analyzing hypertext transfer protocol request variables through analyzer component and defending injection attack through defender component based on content policy installed on advance web application firewall.

Survey of Recent Cyber Security Attacks on Robotic Systems and Their Mitigation Approaches

2017 ◽  
pp. 284-299 ◽  
Author(s):  
Abdullahi Chowdhury ◽  
Gour Karmakar ◽  
Joarder Kamruzzaman
Keyword(s):  
Digital Media ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Rapid Expansion ◽  
Robotic Systems ◽  
Sensitive Data ◽  
Public And Private ◽  
Security Research ◽  
Cyber Crimes ◽  
Iot Devices

With the rapid expansion of digital media and the advancement of the artificial intelligence, robotics has drawn the attention of cyber security research community. Robotics systems use many Internet of Things (IoT) devices, web interface, internal and external wireless sensor networks and cellular networks for better communication and smart services. Individuals, industries and governments organisations are facing financial loses, losing time and sensitive data due these cyber attacks. The use these different devices and networks in robotics systems are creating new vulnerabilities and potential risk for cyber attacks. This chapter discusses about the possible cyber attacks and economics losses due to these attacks in robotics systems. In this chapter, we analyse the increasing uses of public and private robots, which has created possibility of having more cyber-crimes. Finally, contemporary and important mitigation approaches for these cyber attacks in robotic systems have been discussed in this chapter.

scholarly journals Teknik Uji Penetrasi Web Server Menggunakan SQL Injection dengan SQLmap di Kalilinux

2021 ◽  
Vol 6 (2) ◽  
pp. 210
Author(s):  
Rudi Hermawan
Keyword(s):  
Web Application ◽  
User Authentication ◽  
Web Server ◽  
Cyber Attacks ◽  
Injection Technique ◽  
Sql Injection ◽  
User Access ◽  
Will Force ◽  
Application Developers ◽  
Sql Query

<p><em>In recent years cases of cyber attacks that lead to website security have increased. The most widely used website hacking threat is sql injection. By using the sqlmap tool that runs on the Kalilinux  operating system, attackers can easily take over very important user authentication data with their passwords. Attackers only use a special SQL query script using the python programming language will force the web server to output database information, tables, columns and data contents. This sql injection technique is not difficult, knowing how sql injection works is expected to be useful for web admins and web application developers to be able to secure user access from attackers. This attack simulation uses a virtual machine, by creating two virtual computers that are scripted as the attacker and the target server. By testing through this simulation, we can find out how the attack process and the consequences of attacks carried out by attackers.</em></p>

scholarly journals Maritime Cyber Security Analysis – How to Reduce Threats?

2019 ◽  
Vol 8 (1) ◽  
pp. 132-139 ◽  
Author(s):  
Ivan Mraković ◽  
Ranko Vojinović
Keyword(s):  
Cyber Security ◽  
Security Analysis ◽  
Holistic Approach ◽  
Daily Basis ◽  
Cyber Attacks ◽  
Special Focus ◽  
Maritime Industry ◽  
Sensitive Data ◽  
Loss Of Life ◽  
Internet Environment

Maritime cyber security management requires a holistic approach as there is an increase in complexity, digitalization, and automation of systems in maritime industry. Numerous interconnected systems between ship and shore, which are in need of a special focus in the internet environment, are increasing on daily basis. Nowadays one of the major concerns in maritime computing is vulnerability to cyber-attacks. In maritime industry, cyber incidents can lead to loss of life, loss of control over ships or sensitive data, as well as ship and/or cargo hijacking. This paper therefore covers key problems of maritime industry from cyber security perspective and proposes solutions on how to eliminate or minimize them.

Survey of Recent Cyber Security Attacks on Robotic Systems and Their Mitigation Approaches

2019 ◽  
pp. 1426-1441
Author(s):  
Abdullahi Chowdhury ◽  
Gour Karmakar ◽  
Joarder Kamruzzaman
Keyword(s):  
Digital Media ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Rapid Expansion ◽  
Robotic Systems ◽  
Sensitive Data ◽  
Public And Private ◽  
Security Research ◽  
Cyber Crimes ◽  
Iot Devices

With the rapid expansion of digital media and the advancement of the artificial intelligence, robotics has drawn the attention of cyber security research community. Robotics systems use many Internet of Things (IoT) devices, web interface, internal and external wireless sensor networks and cellular networks for better communication and smart services. Individuals, industries and governments organisations are facing financial loses, losing time and sensitive data due these cyber attacks. The use these different devices and networks in robotics systems are creating new vulnerabilities and potential risk for cyber attacks. This chapter discusses about the possible cyber attacks and economics losses due to these attacks in robotics systems. In this chapter, we analyse the increasing uses of public and private robots, which has created possibility of having more cyber-crimes. Finally, contemporary and important mitigation approaches for these cyber attacks in robotic systems have been discussed in this chapter.

Sign in / Sign up

Export Citation Format

Share Document