Security Performance Analysis of Photography Service System

2019, Vol 4 (2), pp. 15-20
Author(s): Nur Khairani Kamarudin, Farah Shazwani Ismail, Mahfudzah Othman, Nurul Hidayah Ahmad Zukri, Mohd Faris Mohd Fuzi

The photography business has become more popular and is trending among people who like photography. The Photography Service System was developed to help photography companies deliver photos and videos to their customers. The use of the system has advantages such as ease of accessing data and faster sharing of data by users. The system was developed to ease daily work and can be used frequently by photography companies as a method of sending photos and videos to their customers. Penetration testing was conducted in order to test the security performance by conducting four security attacks, which were Denial of Service (DoS), SQL injection, Cross Site Scripting, and password sniffing. The purpose of conducting these attacks was to test and find the vulnerabilities of the system, because the system deals with the customers' private data, which is the photos and the videos owned by the customers. It is crucial to secure a system, and as a first preventive step before introducing the system to the public, vulnerability assessments were performed to determine the weaknesses of the system. Scanning and vulnerability assessment were done using tools, namely Vega Scanning Tool, Wireshark, and Low Orbit Ion Cannon (LOIC). All results were collected and analyzed. In summary, the results show that the system is vulnerable to DoS attack, SQL injection attack, cross site scripting and also password sniffing.

Author(s): Teddy Surya Gunawan, Muhammad Kasim Lim, Mira Kartiwi, Noreha Abdul Malik, Nanang Ismail

Nowadays, computers, smart phones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to the Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross site scripting, Wordpress, and WPA2 attacks were the most popular security attacks and will be further investigated in this paper. Kali Linux provides a great platform and medium for learning various types of exploits and penetration testing. All the simulated attacks will be conducted using Kali Linux installed on a virtual machine in a computer with an Intel Core i5 and 8 GB RAM, while the victim's machine is the host computer, which runs Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully.


Author(s): Keshav Sinha, Amit Kumar Keshari

In the era of computing, where data are stored in a cloud or distributed environment, the privacy of data is one of the challenging tasks. Attacks like denial of service (DoS) attacks and insider attacks compromise the security of the system. In this chapter, the authors discuss a blockchain-based database, where data are encrypted and stored. The Web API is used as an interface for the storage and sharing of data in the blockchain system. There are several types of attacks that are performed by the adversary on the database to destroy the vulnerability of the system. Here, the authors mainly focus on the SQL injection attack, which is performed by the adversary on the Web API. To cope with this problem, they present a case study based on Snort and Moloch for automated detection of SQL attacks, network analysis, and testing of the system.


Author(s): Theodoros Tzouramanis

Anomaly Detection; Cookie Poisoning; CRLF Injection Attack; Cross-Site Scripting (or CSS) Attack; Database Administrator (DBA); Database Management System (DBMS); Database Structured Query Language (SQL); Directory Traversal Attack; Google Hacking Attack; Secrecy, Integrity, and Availability; SQL Code Poisoning (or SQL Injection) Attack


2018, Vol 14
Author(s): Wahyu Purnama Sari, I Nyoman Adhi Palguna Putra

Information is a corporate asset that should be kept confidential from access by parties who are not responsible. The aspects of information security to be protected include Confidentiality, Integrity and Availability. A wide range of attacks and threats can be made to take over the desired information assets. A hacker is someone who has the ability to penetrate the security systems of a company. There are several types of hacker attacks, i.e. SQL Injection, Cross Site Scripting (XSS), Brute Force, Distributed-Denial-of-Service (DDoS), Inclusion, Code Injection and more. A honeypot is a security technology that aims to identify and find security gaps and to contribute actively when there are security intrusions on information technology activities. The High Interaction Honeypot (Hihat) may record and collect more, and more specific, information about attacks. The types of attack recorded by the Hihat honeypot are then analyzed to find out the type of attack that most got into XYZ Company.


The Internet is a network of interconnected systems which works collaboratively and serves the users without any disruption. But achieving the same in real time needs the new prominent technology, cloud computing. The massively attractive features and simple pay-as-you-go model of the cloud make it reachable to all users. Denial-of-Service (DoS) plays a crucial role in making the services inaccessible to their intended users. The traditional DoS can no longer be successful in the cloud scenario, as it possesses the auto scaling feature. Still, DoS can consume the bandwidth of the cloud customers, as they need to pay for their complete usage. In spite of the huge number of recovery measures available in the cloud, DoS is becoming harder every day in terms of attack volume and severity. Hence complete mitigation against DoS attacks is the expected solution which needs to be proved in today's digital world. Moving Target Defence (MTD) is one such prominent emerging solution, which aims to avoid DDoS attacks in the cloud environment. The challenge of MTD is to change the attack surface periodically such that the attackers will face difficulty even in the attack attempts. This paper aims to provide a solution for avoiding DoS attacks by adopting an MTD algorithm for making the web servers redundant in the cloud environment. Experimental simulations prove the effectiveness of MTD in the public cloud environment.


2021, Vol 5 (3), pp. 320
Author(s): Alde Alanda, Deni Satria, M.Isthofa Ardhana, Andi Ahmad Dahlan, Hanriyawan Adnan Mooduto

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, making it challenging to eliminate vulnerabilities. The vulnerabilities in a web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collect sensitive information from databases. This research randomly tested several websites such as government, school, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of the testing show that 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.


Author(s): Keshav Sinha, Madhav Verma

In today's world, the storage of data needs a huge amount of space. Meanwhile, cloud and distributed environments provide sufficient storage space for the data. One of the challenging tasks is the privacy prevention of storage data. To overcome the problem of privacy, the blockchain-based database is used to store the data. There are various attacks like denial of service attacks (DoS) and insider attacks that are performed by the adversary to compromise the security of the system. In this chapter, the authors discussed a blockchain-based database, where data are encrypted and stored. The Web API is used as an interface for the storage and sharing of data. Here, they are mainly focused on the SQL injection attack, which is performed by the adversary on Web API. To cope with this problem, they present the case study based on the Snort and Moloch for automated detection of SQL attack, network analysis, and testing of the system.


2017, Vol 7 (1.1), pp. 411
Author(s): K Raja Sekhar, Pavanasurya M, Komal Bharti, Dhanya G

In Computer Security, the term vulnerability refers to a flaw in the system which creates a hole, giving an attacker a chance of taking control over the system. Any software, web application or anything related to a computer product is vulnerable to attack in different ways, like code stealing, sniffing of packets, hijacking the network, making the system compromised etc. In order to avoid such attacks, a constant check has to be done, and the check has to be done through various pen testing tools. Penetration tools are those used to perform a security check on an application to find the presence of exploitable vulnerabilities. In this paper, we look over penetration tools like CODEPULSE (the code stealer) and ETTERCAP (the Sniffer and Hijacker) and made a systematic review of various websites which are vulnerable to SQL Injection and Cross-site Scripting.

