Related Papers
Violent Python - A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
Isromi Janwar
INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY
Program Analysis For Database Injections
Paolina Centonze
Today businesses all around the world use databases in many different ways to store sensitive data. It is important that the data stored stay safe and does not get into the wrong hands. To perform data management in a database, the language SQL (Structured Query Language) can be used. It is extremely crucial to prevent these databases from being attacked to ensure the security of the users’ sensitive and private data. This journal will focus on the most common way hackers exploit data from databases through SQL injection, and it presents dynamic and static code testing to find and prevent these SQL cyber attacks by comparing two testing tools. It will also present a comparative analysis and static/dynamic code testing of two SQL injection detection tools. Burp Suite and Vega will be used to identify possible flaws in test cases dealing with users’ sensitive and private information. Currently, there are no comparisons of these two open-source tools to quantify the number of flaws...
Network Security
The blackhat's toolbox: SQL injections
2007 •
Steve Moyle
Anti SQL IA Vaccine for Detection and Prevention of SQL Injection Attacks
Library for Science AND Technology. (FREE ARCTICLE FOR SCIENCE)
Anti SQL IA Vaccine is a new concept for Detection and Prevention of SQL Injection Attacks at the development phase itself, which helps and manages the important private customer data in a secured manner by mirroring the important database structures into unique secure mirroring tables which are managed in a differently managed secure data management system which runs on the same or different servers. An independently managed verification tool is used to inspect and search the possibility of an SQL injection in the source code of the webpages at the development phase itself. This plays an effective medium in the prevention and detection of SQL Injection, which is one of the major web attack terminology which is effectively utilized by various malware and hackers to steal valuable data from websites of various organizations which manage their transactions through online and web databases. These are a unique type of intrusion that take advantage of improperly managed/amateur coding in the web applications. SQLIA allows intruders to inject SQL commands into access data from the web forms to allow them to gain access to the data held within your database. In this paper we will discuss several types of SQLIAs, existing techniques and their drawbacks. Finally I have proposed a solution for SQLIA detection using data dictionary and prevention using the intrusion search along with SQL vaccine. I have implemented it using ASP.net with VB.net and SQL Server 2008, although this algorithm can be implemented in any language and for any database platform with minimal modifications.
Defensive Database Programming with SQL Server
Sai Sankar Tummalapalli
Detect and Prevent SQLIA by Dynamic Monitoring
hanaa salman
Web applications play a very important role in many fields and have become an integral part of the daily lives of millions of users, offering business and convenience services. Most web applications increase their adoption of database systems as a back end to store critical information for the billions of transactions done online daily. SQL injection attacks (SQLIAs) are one amongst the most dangerous vulnerabilities for Web applications, and represent a trick on the SQL query that is a serious threat to the database server through input such as form fields. The consequences of this type of attack pose serious security threats to web applications: they allow attackers to intelligently obtain unrestricted access, bypass the authentication of database systems, or steal the sensitive information these databases might contain. In this paper we present a detailed survey of various kinds of SQLIA types and also compare existing detection and prevention techniques against these attacks with the proposed system, in order to find out analytically to what extent they can be claimed effective. Results of an empirical study showed that the proposed technique gives promising results in detecting more SQLIA types with respect to the existing tools.
Smart Cities and Regional Development (SCRD) Journal
Security Testing With Python Scripts
Alma Hyra
Cyber security is one of the main issues that is discussed today everywhere in the world. The development of technology has grown rapidly and it is important that this development should be done simultaneously with the increase in security. When we talk about the network, we must also consider its "Security". On the other hand, Python is a language which, especially in recent times, has received a great development and now we can say that it enjoys such a wide community. Our goal in this article is the advantages that this programming language offers in cases of cyber security issues. It has everything that cyber security professionals need to protect against cyber vulnerabilities and threats. It allows developers to do anything that relates to cyber security by detecting threats to system fixes. Python is a high-level, general-purpose, interpreted programming language for analyzing small networks. So, the implications of the study are for cybersecurity professionals and d...
Indonesian Journal of Electrical Engineering and Computer Science
SQL injection attacks countermeasures assessments
2021 •
Indonesian Journal of Electrical Engineering and Computer Science
SQL injection attacks have been rated as the most dangerous vulnerability of web-based systems for more than a decade by the OWASP Top Ten. Though different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/detection for these attacks. Hundreds of components of open source and commercial software products are reported to the CVE repository as vulnerable to SQL injection every year. In this mapping study, we identify different existing approaches in terms of the cost of computation and protection offered. We found that most of the existing techniques claim to offer protection based on testing on a very small or limited scale. This study dissects each proposed approach, highlights their strengths and weaknesses, and categorizes them based on the underlying technology used to detect or counter the injection attacks.
Lecture Notes in Computer Science
Detecting Malicious SQL
2007 •
José Fonseca
Web based applications often have vulnerabilities that can be exploited to launch SQL-based attacks. In fact, web application developers are normally concerned with the application functionalities and can easily neglect security aspects. The increasing number of web attacks reported every day corroborates that this attack-prone scenario represents a real danger and is not likely to change favorably in the future.
International Journal of Wireless and Microwave Technologies
SQL Injection Detection Tools Advantages and Drawbacks
2021 •
hazem harb