Web Server Penetration Testing Technique Using SQL Injection with SQLmap on Kali Linux

2021 ◽  
Vol 6 (2) ◽  
pp. 210
Author(s):  
Rudi Hermawan

In recent years, cases of cyber attacks that lead to website security have increased. The most widely used website hacking threat is SQL injection. By using the sqlmap tool that runs on the Kali Linux operating system, attackers can easily take over very important user authentication data along with their passwords. Attackers only use a special SQL query script, written in the Python programming language, which forces the web server to output database information, tables, columns and data contents. This SQL injection technique is not difficult; knowing how SQL injection works is expected to be useful for web admins and web application developers so that they can secure user access from attackers. This attack simulation uses virtual machines, creating two virtual computers that are set up as the attacker and the target server. By testing through this simulation, we can find out how the attack proceeds and the consequences of attacks carried out by attackers.

2018 ◽  
Vol 7 (2.32) ◽  
pp. 389
Author(s):  
T Sreeja ◽  
Dr Manna Sheela Rani Chetty ◽  
Sekhar Babu Boddu

The spiking landscape of cyber-attacks reflects its trend towards invoking vulnerabilities in web applications. The vulnerabilities seem to be growing second by second, besides being overcome from time to time. The reason is that new attack vectors are often deployed by threat actors. The global cyber security market alone has brought a turnover of about $350 billion, which shows how wide the attack landscape is and how expensive it is to detect, protect against and respond to cyber issues. Most security experts have stated that the average cost of a data breach will exceed $150 million by 2020 and that about 80 percent of the global population was unaware of such attacks. Over the past few years, SQL injection has acted as a major vector in breaching sensitive data. Detecting SQL injection through log correlation is the most effective methodology utilized under adaptive environments seeking no tool investigation. This paper presents a detection methodology for SQL injection attacks without concentrating on automated tools. The paper aims at detection through configuring the available resources, such as a web server, a database, and an IDS, to create an adaptable environment that can bring out the entire attacker information through log analysis. The paper represents the attacker phases as a finite automaton.


2019 ◽  
Vol 8 (3) ◽  
pp. 4183-4190

Structured query language injection is a top-rated vulnerability according to the Open Web Application Security Project community. If a web application has a structured query language vulnerability in its source code, then the application is prone to cyber-attacks on confidentiality, integrity and availability. Attackers are always ready to exploit structured query language injection vulnerabilities by executing various online attack vectors, and many times successfully bypass authentication and authorization to gain privileged access to the web and database server, leading to service interruption, data interception, modification, fabrication and sometimes complete deletion of the database. The present paper is an attempt to propose an advanced component-based web application firewall that enhances web application security by mitigating structured query language injection attack vectors: an analyzer component analyzes hypertext transfer protocol request variables, and a defender component defends against injection attacks based on the content policy installed on the advanced web application firewall.


Author(s):  
M. E. Raimov ◽  
A. K. Mukasheva ◽  
G. B. Isayeva ◽  
K. Nuralbay

The rapid development of the Internet has brought with it both positive and negative aspects. Every year, there are more and more people and methods that want to steal information and disrupt the work of the resource, to carry out other similar actions. In this regard, the issue of site resistance to various attacks becomes particularly relevant, that is, it leads to the emergence of a large number of projects that help web application developers to improve the reliability of their products. In fact, actions such as testing and polling a website, searching for web applications, allow you to determine as a good warning measure the shortcomings of application development and closed testing show that, in this way, it is possible to determine whether an application is resistant to information security.


2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833

The SQL injection attack (SQLIA) occurs when an attacker integrates the code of a malicious SQL query into a valid query statement via invalid input. As a result, the relational database management system executes the malicious query, which causes the SQL injection attack. After successful execution, it may compromise the CIA (confidentiality, integrity and availability) of the web API. The vulnerability of the Web Application Programming Interface (API) is the primary concern for any programming. The Web API is mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, and Representational State Transfer (REST), which provides an architectural style with security measures from the transport layer. Most of the time, developers or new programmers do not follow the standards of safe programming and forget to validate the input fields in their forms. This vulnerability in the web API opens the door to threats, and it becomes a cakewalk for the attacker to exploit the database associated with the web API. The objective of the paper is to automate the detection of SQL injection attacks and secure poorly coded web API access through large network traffic. The Snort and Moloch approaches are used to develop a hybrid model for automatic detection as well as analysis of the SQL injection attack for the prototype system.


2020 ◽  
Vol 7 (4) ◽  
pp. 853
Author(s):  
Imam Riadi ◽  
Anton Yudhana ◽  
Yunanri W

The Open Journal System (OJS) is software that functions as a means of scientific publication and is used throughout the world. An OJS that is not monitored is at risk of being attacked by hackers. Vulnerabilities caused by hackers will adversely affect the performance of an OJS. The problems faced by the OJS system include the network, port discovery, and the OJS system exploit audit process. The system audit process on the OJS includes SQL injection, bypassing the firewall, and password cracking. The input parameters used are the IP address and the open access port. The method used is a vulnerability assessment, which consists of several stages such as information gathering or footprinting, vulnerability scanning, and reporting. This activity aims to identify security holes on the Open Journal System (OJS) website. This study uses the Open Web Application Security Project (OWASP). The tests carried out identified 70 high, 1929 medium, and 4050 low vulnerabilities in OJS; the total vulnerability count for the tested OJS was 6049. The test results showed that OJS version 2.4.7 has many vulnerabilities and is not recommended for use. Use the latest version issued by the OJS Public Knowledge Project (PKP).


The targeted malignant emails (TME) for PC arrange misuse have become progressively deceptive and all the more generally common as of late. Aside from spam or phishing which is intended to fool clients into uncovering individual data, TME can misuse PC systems and accumulate touchy data which can be a major issue for the association. They can comprise of facilitated and industrious battles that can be terrible. Another email-separating procedure which depends on bowl classifier and beneficiary arranged highlights with an arbitrary backwoods classifier which performs superior to two conventional recognition techniques, SpamAssassin and ClamAV, while keeping up sensible bogus positive rates. This proposed model deals with how to recognize a pernicious bundle (email) for ordinary system into current system. We build up an undermined protocol of network detection that powerfully concludes the correct number of congestive loss of packets that is going to happen. On the chance that one damages the steering convention itself, at that point aggressor may make enormous segments of the system become untreatable. We build up an option shifting technique by utilizing TME explicit element extraction. Our conventions naturally anticipate clog in a deliberate manner, as it is vital in making any such flaw in network recognition reasonable.


2010 ◽  
Vol 1 (1) ◽  
pp. 20-40 ◽  
Author(s):  
San-Tsai Sun ◽  
Konstantin Beznosov

This article presents an approach for retrofitting existing Web applications with run-time protection against known, as well as unseen, SQL injection attacks (SQLIAs) without the involvement of application developers. The precision of the approach is also enhanced with a method for reducing the rate of false positives in the SQLIA detection logic, via runtime discovery of the developers’ intention for individual SQL statements made by Web applications. The proposed approach is implemented in the form of protection mechanisms for J2EE, ASP.NET, and ASP applications. Named SQLPrevent, these mechanisms intercept HTTP requests and SQL statements, mark and track parameter values originating from HTTP requests, and perform SQLIA detection and prevention on the intercepted SQL statements. The AMNESIA testbed is extended to contain false-positive testing traces, and is used to evaluate SQLPrevent. In our experiments, SQLPrevent produced no false positives or false negatives, and imposed a maximum 3.6% performance overhead with 30 milliseconds response time for the tested applications.

