scholarly journals Analysis of the defending possibilities against SQL Injection attacks

2019 ◽  
Vol 13 ◽  
pp. 339-344
Author(s):  
Chrystian Byzdra ◽  
Grzegorz Kozieł
Keyword(s):  
Sensitive Data ◽  
Sql Injection ◽  
Injection Attacks ◽  
Simulation Results ◽  
Effectiveness And Efficiency ◽  
Sql Injection Attacks ◽  
Database Protection

The article describes various protection methods of database and types of SQL Injection attacks. These are extremely dangerous attacks because they threaten the confidentiality of sensitive data. In order to analyze in detail protection methods and methods of attacks, simulations of attacks and defence were performed in the following languages: C #, PHP, Java. Based on the simulation results for particular languages, the effectiveness and efficiency of database protection methods were compared.

scholarly journals Analisis Keamanan pada Aplikasi Her-registrasi Online Mahasiswa Universitas Diponegoro

2016 ◽  
Vol 4 (3) ◽  
pp. 479
Author(s):  
Hilal Afrih Juhad ◽  
R. Rizal Isnanto ◽  
Eko Didik Widianto
Keyword(s):  
Security Analysis ◽  
Audit Report ◽  
Security Audit ◽  
Sensitive Data ◽  
Sql Injection ◽  
Online Application ◽  
Injection Attacks ◽  
Sql Injection Attacks ◽  
Application Developers ◽  
Cross Site

The security aspect is often forgotten in the application of Information Technology. The attacks were caused by the negligence of the developer causes damage to the system used. SQL Injection attacks, Cross Site Scripting attacks, and no use of encrypted channels lead to the exposure of sensitive data users. Objectives of this research is to perform an audit and analysis of the security aspects against the Her-registration Colege Students Online Application of Diponegoro University. Audit and security analysis is prevention step so that the vulnerabilities found not to be a entrances to the system hackers. The results of this research are a security audit report that contains the vulnerability Her-registration College Students Online Application of Diponegoro University. The audit report will be used as a reference for application developers Her-registration Colege Students Online Application of Diponegoro University to improve the system.

Intrusion Detection Systems for Mitigating SQL Injection Attacks

2020 ◽  
Vol 14 (2) ◽  
pp. 20-40 ◽  
Author(s):  
Rui Filipe Silva ◽  
Raul Barbosa ◽  
Jorge Bernardino
Keyword(s):  
Intrusion Detection ◽  
The State ◽  
Intrusion Detection Systems ◽  
Sql Injection ◽  
Detection Systems ◽  
Injection Attacks ◽  
Security Infrastructure ◽  
State Of Practice ◽  
Sql Injection Attacks ◽  
Database Protection

Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.

scholarly journals Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks

2010 ◽  
Vol 1 (1) ◽  
pp. 20-40 ◽  
Author(s):  
San-Tsai Sun ◽  
Konstantin Beznosov
Keyword(s):  
Web Applications ◽  
False Positives ◽  
Sql Injection ◽  
Injection Attacks ◽  
Track Parameter ◽  
Effective Dynamic ◽  
Protection Mechanisms ◽  
Sql Injection Attacks ◽  
Application Developers ◽  
Parameter Values

This article presents an approach for retrofitting existing Web applications with run-time protection against known, as well as unseen, SQL injection attacks (SQLIAs) without the involvement of application developers. The precision of the approach is also enhanced with a method for reducing the rate of false positives in the SQLIA detection logic, via runtime discovery of the developers’ intention for individual SQL statements made by Web applications. The proposed approach is implemented in the form of protection mechanisms for J2EE, ASP.NET, and ASP applications. Named SQLPrevent, these mechanisms intercept HTTP requests and SQL statements, mark and track parameter values originating from HTTP requests, and perform SQLIA detection and prevention on the intercepted SQL statements. The AMNESIA testbed is extended to contain false-positive testing traces, and is used to evaluate SQLPrevent. In our experiments, SQLPrevent produced no false positives or false negatives, and imposed a maximum 3.6% performance overhead with 30 milliseconds response time for the tested applications.

SQL Injection Attacks Countermeasures

2012 ◽  
pp. 194-213
Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Confidential Information ◽  
Sql Injection ◽  
Unauthorized Access ◽  
Injection Attacks ◽  
Prevention Techniques ◽  
Sql Injection Attack ◽  
Sql Injection Attacks ◽  
The Web

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.

Sign in / Sign up

Export Citation Format

Share Document