Visible to the public Biblio

Filters: Keyword is SQL Injection vulnerability  [Clear All Filters]
2020-02-10
Awang, Nor Fatimah, Jarno, Ahmad Dahari, Marzuki, Syahaneim, Jamaludin, Nor Azliana Akmal, Majid, Khairani Abd, Tajuddin, Taniza.  2019.  Method For Generating Test Data For Detecting SQL Injection Vulnerability in Web Application. 2019 7th International Conference on Cyber and IT Service Management (CITSM). 7:1–5.
SQL injection is among the most dangerous vulnerabilities in web applications that allow attackers to bypass the authentication and access the application database. Security testing is one of the techniques required to detect the existence of SQL injection vulnerability in a web application. However, inadequate test data during testing can affect the effectiveness of security testing. Therefore, in this paper, the new algorithm is designed and developed by applying the Cartesian Product technique in order to generate a set of invalid test data automatically. A total of 624 invalid test data were generated in order to increase the detection rate of SQL injection vulnerability. Finally, the ideas obtained from our method is able to detect the vulnerability of SQL injection in web application.
2018-05-24
Maraj, A., Rogova, E., Jakupi, G., Grajqevci, X..  2017.  Testing Techniques and Analysis of SQL Injection Attacks. 2017 2nd International Conference on Knowledge Engineering and Applications (ICKEA). :55–59.

It is a well-known fact that nowadays access to sensitive information is being performed through the use of a three-tier-architecture. Web applications have become a handy interface between users and data. As database-driven web applications are being used more and more every day, web applications are being seen as a good target for attackers with the aim of accessing sensitive data. If an organization fails to deploy effective data protection systems, they might be open to various attacks. Governmental organizations, in particular, should think beyond traditional security policies in order to achieve proper data protection. It is, therefore, imperative to perform security testing and make sure that there are no holes in the system, before an attack happens. One of the most commonly used web application attacks is by insertion of an SQL query from the client side of the application. This attack is called SQL Injection. Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities. To overcome the SQL injection problems, there is a need to use different security systems. In this paper, we will use 3 different scenarios for testing security systems. Using Penetration testing technique, we will try to find out which is the best solution for protecting sensitive data within the government network of Kosovo.