Investigation framework of web applications vulnerabilities, attacks and protection techniques in structured query language injection attacks

2018 ◽  
Vol 14 (2) ◽  
pp. 103 ◽  
Author(s):  
Nabeel Salih Ali
Keyword(s):  
Web Applications ◽  
Query Language ◽  
Injection Attacks ◽  
Structured Query Language

Bind but Dynamic Technique

2009 ◽  
pp. 880-890
Author(s):  
Ahmad Hammoud ◽  
Ramzi A. Haraty
Keyword(s):  
Web Application ◽  
Efficient Solution ◽  
Web Applications ◽  
Query Language ◽  
Sql Injection ◽  
Injection Attacks ◽  
Dynamic Technique ◽  
Structured Query Language ◽  
Sql Injection Attacks ◽  
Web Developers

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.

Prevention of SQL Injection Attacks in Web Browsers

2016 ◽  
pp. 174-208
Author(s):  
Kannan Balasubramanian
Keyword(s):  
Web Application ◽  
Credit Card ◽  
Web Applications ◽  
Query Language ◽  
User Input ◽  
Server Side ◽  
Injection Attacks ◽  
Structured Query Language ◽  
User Data ◽  
Sql Injection Attacks

Applications that operate on the Web often interact with a database to persistently store data. For example, if an e-commerce application needs to store a user's credit card number, they typically retrieve the data from a Web form (filled out by the customer) and pass that data to some application or script running on the company's server. The dominant language that these database queries are written in is SQL, the Structured Query Language. Web applications can be vulnerable to a malicious user crafting input that gets executed on the server. One instance of this is an attacker entering Structured Query Language (SQL) commands into input fields, and then this data being used directly on the server by a Web application to construct a database query. The result could be an attacker's gaining control over the database and possibly the server. Care should be taken to validate user input on the server side before user data is used.

Prevention of SQL Injection Attacks in Web Browsers

2018 ◽  
pp. 1240-1274
Author(s):  
Kannan Balasubramanian
Keyword(s):  
Web Application ◽  
Credit Card ◽  
Web Applications ◽  
Query Language ◽  
User Input ◽  
Server Side ◽  
Injection Attacks ◽  
Structured Query Language ◽  
User Data ◽  
Sql Injection Attacks

Applications that operate on the Web often interact with a database to persistently store data. For example, if an e-commerce application needs to store a user's credit card number, they typically retrieve the data from a Web form (filled out by the customer) and pass that data to some application or script running on the company's server. The dominant language that these database queries are written in is SQL, the Structured Query Language. Web applications can be vulnerable to a malicious user crafting input that gets executed on the server. One instance of this is an attacker entering Structured Query Language (SQL) commands into input fields, and then this data being used directly on the server by a Web application to construct a database query. The result could be an attacker's gaining control over the database and possibly the server. Care should be taken to validate user input on the server side before user data is used.

scholarly journals Performance Benchmarking of Key-Value Store NoSQL Databases

2018 ◽  
Vol 8 (6) ◽  
pp. 5333
Author(s):  
Omoruyi Osemwegie ◽  
Kennedy Okokpujie ◽  
Nsikan Nkordeh ◽  
Charles Ndujiuba ◽  
Samuel John ◽  
...  
Keyword(s):  
Data Storage ◽  
Web Applications ◽  
Query Language ◽  
Research Work ◽  
Database Systems ◽  
Nosql Databases ◽  
Performance Benchmarking ◽  
Nosql Database ◽  
Structured Query Language ◽  
Web Developers

<p>Increasing requirements for scalability and elasticity of data storage for web applications has made Not Structured Query Language NoSQL databases more invaluable to web developers. One of such NoSQL Database solutions is Redis. A budding alternative to Redis database is the SSDB database, which is also a key-value store but is disk-based. The aim of this research work is to benchmark both databases (Redis and SSDB) using the Yahoo Cloud Serving Benchmark (YCSB). YCSB is a platform that has been used to compare and benchmark similar NoSQL database systems. Both databases were given variable workloads to identify the throughput of all given operations. The results obtained shows that SSDB gives a better throughput for majority of operations to Redis’s performance.</p>

scholarly journals Using Flask for SQLIA Detection and Protection

2020 ◽  
Vol 27 (2) ◽  
pp. 1-14
Author(s):  
Ann Ablahd ◽  
Suhair Dawwod
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Query Language ◽  
Structure Query Language ◽  
Web Page ◽  
Structured Query Language ◽  
On Line ◽  
Structure Query ◽  
Application Developers ◽  
The Web

At present the web applications are used for most of the life activities, these applications are affected by an attack called (Structure Query Language Injection Attack) SQLIA due to the vulnerabilities of the web application. The vulnerabilities of the web application are increased because most of application developers do not care to security in designing.SQL injection is a common attack that infects a web application. The attacker adds (Structured Query Language) SQL code to web page for accessing and changing victim databases.The vital step in securing the database and detecting such an attack in web apps is preparing a tool. Many researchers propose different ways for detection and prevention of such as an attack. In this paper a tool it proposed using a powerful micro-framework web application designer called Flask in Python 3.7 to detect and prevent such attacks. The proposed system is called SQLIAD. SQLIAD analyzed a web application on-line.

An Agent Based Intelligent Dynamic Vulnerability Analysis Framework for Critical SQLIA Attacks

2018 ◽  
Vol 14 (3) ◽  
pp. 56-82 ◽  
Author(s):  
Jeya Mala Dharmalingam ◽  
M Eswaran
Keyword(s):  
Web Applications ◽  
Query Language ◽  
Vulnerability Analysis ◽  
Graph Searching ◽  
Analysis Framework ◽  
False Negatives ◽  
Agent Based ◽  
Injection Attacks ◽  
The Common ◽  
Post Condition

This article describes how software vulnerability analysis and testing for web applications should detect not only the common attacks but also dynamic vulnerability attacks. These are the attacks such as structured query language injection attacks (SQLIAs) which will extract the most crucial user information from the targeted database. In this proposed approach, an intelligent agent namely intelligent vulnerability analyzer agent (IVA) is proposed in which the external attacks due to dynamic user inputs are identified using a heuristic-guided intelligent graph searching and then a pre and post condition based analysis is performed to identify the dynamic vulnerabilities. Further, the proposed approach is compared with some of the existing works based on the number of false positives and false negatives of attacks detection and confirmed that the proposed work is a novel and effective one in finding out SQLIAs.

Sign in / Sign up

Export Citation Format

Share Document