Securing Web Applications against Structured Query Language Injection Attacks using a Hybrid Approach: Input Filtering and Web Application Firewall

2018, Vol 182 (9), pp. 20-27
Author(s):
Francis Kyalo, Calvins Otieno, Dennis Njagi

Author(s):
Ahmad Hammoud, Ramzi A. Haraty

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.


Author(s):
Kannan Balasubramanian

Applications that operate on the Web often interact with a database to persistently store data. For example, if an e-commerce application needs to store a user's credit card number, they typically retrieve the data from a Web form (filled out by the customer) and pass that data to some application or script running on the company's server. The dominant language that these database queries are written in is SQL, the Structured Query Language. Web applications can be vulnerable to a malicious user crafting input that gets executed on the server. One instance of this is an attacker entering Structured Query Language (SQL) commands into input fields, and then this data being used directly on the server by a Web application to construct a database query. The result could be an attacker's gaining control over the database and possibly the server. Care should be taken to validate user input on the server side before user data is used.


2020, Vol 27 (2), pp. 1-14
Author(s):
Ann Ablahd, Suhair Dawwod

At present, web applications are used for most life activities, and these applications are affected by an attack called SQL Injection Attack (SQLIA) due to the vulnerabilities of the web application. The vulnerabilities of web applications are increasing because most application developers do not care about security in their design. SQL injection is a common attack that infects a web application. The attacker adds Structured Query Language (SQL) code to a web page for accessing and changing victim databases. The vital step in securing the database and detecting such an attack in web apps is preparing a tool. Many researchers propose different ways for the detection and prevention of such an attack. In this paper a tool is proposed using a powerful micro-framework web application designer called Flask in Python 3.7 to detect and prevent such attacks. The proposed system is called SQLIAD. SQLIAD analyzes a web application on-line.


Author(s):
Omoruyi Osemwegie, Kennedy Okokpujie, Nsikan Nkordeh, Charles Ndujiuba, Samuel John, ...

Increasing requirements for scalability and elasticity of data storage for web applications have made Not Structured Query Language (NoSQL) databases more invaluable to web developers. One such NoSQL database solution is Redis. A budding alternative to the Redis database is the SSDB database, which is also a key-value store but is disk-based. The aim of this research work is to benchmark both databases (Redis and SSDB) using the Yahoo Cloud Serving Benchmark (YCSB). YCSB is a platform that has been used to compare and benchmark similar NoSQL database systems. Both databases were given variable workloads to identify the throughput of all given operations. The results obtained show that SSDB gives a better throughput for the majority of operations compared to Redis's performance.


Author(s):
Kasra Amirtahmasebi, Seyed Reza Jalalinia

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to the confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract confidential information from organizations' databases. They work by injecting malicious SQL code through the web application, causing unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.


Author(s):
Varun Gupta, D.S. Chauhan, Kamlesh Dutta

Web 2.0 applications are complex information systems. Like any desktop application, web applications are complex and require effective requirement prioritization preceded by effective decision aspect prioritization involving diverse stakeholders. During the release of new increments, the objective is to provide value to the software while simultaneously lowering the regression testing effort. This can be achieved by implementing all highest priority requirements along with those dependent on them, so that the next increments implement requirements independent of already implemented ones. The challenges involved in aspect selection, requirement prioritization, and effective selection of the security requirements of Web 2.0 applications make their incremental delivery a complex task compared to that of desktop applications. The proposed requirement prioritization process is a hybrid approach, i.e. based on a combination of negotiations and methods to prioritize both decision aspects and software requirements. This technique reduces regression testing effort by taking the impact on regression testing as one of the parameters during prioritization, and overcomes various problems related to the prioritization of Web 2.0 applications. This technique is applied to a live "Virtual Classroom" system, employing three stakeholder groups with a total of 8 stakeholders. Results were promising, since the technique resulted in the successful delivery of the web application due to effective aspect and requirement prioritization, thereby leading to reduced regression testing effort.