Program Analysis For Database Injections

2017 ◽  
Vol 16 (6) ◽  
pp. 6977-6986
Author(s):  
Chelsea Ramsingh ◽  
Paolina Centonze

Today businesses all around the world use databases in many different ways to store sensitive data. It is important that the stored data stays safe and does not get into the wrong hands. To perform data management in a database, the language SQL (Structured Query Language) can be used. It is extremely crucial to prevent these databases from being attacked to ensure the security of the users' sensitive and private data. This journal will focus on the most common way hackers exploit data from databases, SQL injection, and it presents dynamic and static code testing to find and prevent these SQL cyber attacks by comparing two testing tools. It will also present a comparative analysis and static/dynamic code testing of two SQL injection detection tools. Burp Suite and Vega will be used to identify possible flaws in test cases dealing with users' sensitive and private information. Currently, there are no comparisons of these two open-source tools to quantify the number of flaws they are able to detect. Also, there are no detailed papers found fully testing the open-source Burp Suite and Vega for SQL injection. These two open-source tools are commonly used but have not been tested enough. A static analyzer detecting SQL injection will be used to test and compare the results of the dynamic analyzer. In addition, this paper will suggest techniques and methods to ensure the security of sensitive data from SQL injection. The prevention of SQL injection is imperative, and it is crucial to secure sensitive data from potential hackers who want to exploit it.

2018 ◽  
Vol 7 (2.32) ◽  
pp. 389
Author(s):  
T Sreeja ◽  
Dr Manna Sheela Rani Chetty ◽  
Sekhar Babu Boddu

The spiking landscape of cyber-attacks reflects its trend towards invoking vulnerabilities in web applications. The vulnerabilities seem to be growing second by second, even as they are overcome from time to time. The reason behind this is that new attack vectors are often being deployed by threat actors. The global cyber security market alone has brought a turnover of about $350 billion, which shows how wide the attack landscape is and how expensive it is to detect, protect against and respond to cyber issues. Most security experts have stated that the average cost of a data breach will exceed $150 million by 2020, and about 80 percent of the global population were not at all aware of such attacks. For the past few years, SQL injection has been acting as a major vector in breaching sensitive data. Detecting SQL injection through log correlation is the most effective methodology utilized in adaptive environments requiring no tool investigation. This paper exposes a detection methodology for an SQL injection attack without any mere concentration on automated tools. The paper goes with a motto of detection through configuring the available resources, like the web server, database, and an IDS, in a way that creates an adaptable environment that can bring out the entire attacker information through log analysis. The paper represents the attacker phases as a finite automaton.


2019 ◽  
Vol 8 (3) ◽  
pp. 4183-4190

Structured query language injection is a top-rated vulnerability according to the Open Web Application Security Project community. If a web application has a structured query language vulnerability in its source code, then that application is prone to cyber-attacks, leading to attacks on confidentiality, integrity and availability. Attackers are always ready to exploit structured query language injection vulnerabilities by executing various online attack vectors, and many times they successfully bypass authentication and authorization to gain privileged access on web and database servers, leading to service interruption, data interception, modification, fabrication and sometimes complete deletion of the database. The present paper is an attempt to propose an advanced component-based web application firewall to enhance web application security by mitigating structured query language injection attack vectors, analyzing hypertext transfer protocol request variables through an analyzer component and defending against injection attacks through a defender component based on the content policy installed on the advanced web application firewall.


Computation ◽  
2021 ◽  
Vol 9 (1) ◽  
pp. 6
Author(s):  
Maria Eleni Skarkala ◽  
Manolis Maragoudakis ◽  
Stefanos Gritzalis ◽  
Lilian Mitrou

Distributed medical, financial, or social databases are analyzed daily for the discovery of patterns and useful information. Privacy concerns have emerged as some database segments contain sensitive data. Data mining techniques are used to parse, process, and manage enormous amounts of data while ensuring the preservation of private information. Cryptography, as shown by previous research, is the most accurate approach to acquiring knowledge while maintaining privacy. In this paper, we present an extension of a privacy-preserving data mining algorithm, thoroughly designed and developed for both horizontally and vertically partitioned databases, which contain either nominal or numeric attribute values. The proposed algorithm exploits the multi-candidate election schema to construct a privacy-preserving tree-augmented naive Bayesian classifier, a more robust variation of the classical naive Bayes classifier. The exploitation of the Paillier cryptosystem and the distinctive homomorphic primitive shows in the security analysis that privacy is ensured and the proposed algorithm provides strong defences against common attacks. Experiments deriving the benefits of real world databases demonstrate the preservation of private data while mining processes occur and the efficient handling of both database partition types.


2019 ◽  
Vol 8 (3) ◽  
pp. 7759-7766

Injection in SQL (Structured Query Language) is one of the threats to web-based apps, mobile apps and even desktop applications associated with a database. An effective SQL Injection Attack (SQLIA) could have severe implications for the victimized organization, including economic loss, loss of reputation, enforcement actions and infringement of regulations. Systems which do not validate user input correctly are susceptible to SQL injection. SQLIA happens once an attacker can incorporate a sequence of harmful SQL commands into a request, changing the back-end database through user information. By using this sort of attack, an attacker may readily hack applications and grab private information. In this article we introduce different sorts of processes to safeguard against current SQLIA methods and instruments that are used in ASP.NET apps to detect or stop these attacks.


Author(s):  
Gabriela Mogos ◽  
Nor Shahida Mohd Jamail

Online banking and other e-banking modes are a very convenient way of banking in terms of speed, convenience and delivery costs, but they have brought many risks alongside them. Online banking has created a new risk orientation and even new forms of risk. Technology plays an important role as both a source and a tool for risk control. The purpose of this research is to identify the security situation of the e-banking application and to analyze the risks and attacks that could occur to customers, since, although it is an e-banking application, attacks can still happen. Several mitigations were mentioned to overcome attacks; for example, access control mitigates eavesdropping, meaning that restricting access to sensitive data is mandatory. Another mitigation is updating and patching, which addresses SQL injection, meaning it is vital to apply patches and updates when they are available. These attacks may target the whole application or an individual whose private information is stolen or changed. This research also shows how to apply several more protection measures to protect oneself and one's organization from being targets of cybercrime.


2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Suzanna Schmeelk ◽  
Lixin Tao

Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of the software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage." We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks of losing their sensitive data.


2021 ◽  
Vol 21 (3) ◽  
pp. 1-22
Author(s):  
Celestine Iwendi ◽  
Saif Ur Rehman ◽  
Abdul Rehman Javed ◽  
Suleman Khan ◽  
Gautam Srivastava

In this digital age, human dependency on technology in various fields has been increasing tremendously. Torrential amounts of different electronic products are being manufactured daily for everyday use. With this advancement in the world of Internet technology, cybersecurity of software and hardware systems is now a prerequisite for major business operations. Every technology on the market has multiple vulnerabilities that are exploited by hackers and cyber-criminals daily to manipulate data, sometimes for malicious purposes. In any system, the Intrusion Detection System (IDS) is a fundamental component for ensuring the security of devices against digital attacks. Recognition of newly developing digital threats is getting harder for existing IDS. Furthermore, advanced frameworks are required for IDS to function both efficiently and effectively. The commonly observed cyber-attacks in the business domain include minor attacks used for stealing private data. This article presents a deep learning methodology for detecting cyber-attacks on the Internet of Things using a Long Short Term Networks classifier. Our extensive experimental testing shows an Accuracy of 99.09%, F1-score of 99.46%, and Recall of 99.51%, respectively. A detailed metric representing our results in tabular form was used to compare how our model was better than other state-of-the-art models in detecting cyber-attacks with proficiency.


Data in the cloud is attracting more interest from cyber attackers. These days attackers are concentrating more on health care data. Through data mining performed on health care data, industries are making business out of it. These changes are affecting the treatment process for many people, so careful data processing is required. Breaking the security of this data leads to many consequences for health care organizations. After breaking security, computation on private data can be performed. Storing data and running computation on sensitive data can be made possible by decentralization through a peer-to-peer network. By using decentralization instead of a centralized architecture, the attacks can be reduced. Different security algorithms have been considered. For decentralization we are using blockchain technology. Privacy, security and integrity can be achieved with this blockchain technology. Many solutions have been discussed to assure privacy and security for health care organizations but have somehow failed to address this problem. Many cryptographic functions can be used for attaining data privacy. Pseudonymity is the main concept we can use to preserve health care data, meaning preserving data without legally disclosing the true identity.


2014 ◽  
Author(s):  
Florian-Cosmin BUTOI

A particularly dangerous and now common type of spam known as "Phishing" attempts to trick recipients into revealing personal and sensitive data, such as passwords, login IDs, financial information or social security numbers. Recipients are directed to counterfeit and fraudulent websites that are exact duplicates of well-known and respected companies such as eBay, PayPal or large banking institutions and prompted to enter account information. This white paper addresses current issues associated with phishing scams and argues the most probable and likely direction phishing scams will follow in the future. Recommended safe user guidelines are included to help protect users from both current and future phishing attacks.

