A black-box testing tool for detecting SQL injection vulnerabilities

Djuric, Zoran

doi:10.1109/icoia.2013.6650259

Cited by 36 publications

(22 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The malicious statement is, for example, sent via user input fields in web forms. If the application fails to validate the input properly, the malicious statements are injected into legitimate queries and forwarded to the DBMS [2]- [5].…”

Section: Introductionmentioning

confidence: 99%

SQL Injection Attacks Detection & Prevention Techniques

Yigit¹,

Arnavutoğlu²

2017

IJCTE

View full text Add to dashboard Cite

Abstract-SQL Injection Attack (SQLIA) is a type of code injection technique that threatens confidentiality, integrity, and availability of web databases. The attacker mostly exploits incorrectly filtered user inputs such as text fields in web applications and tries to insert malicious SQL statements into a legitimate query via the vulnerable user input. By doing so, the attacker can access, insert, modify, or delete critical information in a database without proper authorization. In this survey, we describe and categorize types of SQLIA, and analyze existing detection and prevention techniques against such attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

SQL Injection Attacks Detection & Prevention Techniques

Yigit¹,

Arnavutoğlu²

2017

IJCTE

View full text Add to dashboard Cite

show abstract

“…academic, open source Scanner and commercial [7], [8]. Individuals having same interest of research take assistance from academic scanner to introduce their own scanner like SQIVS [9], Increase the MySQLinj factor [10], secubat [11] State aware scanner [12], Amnisia [13] and wave [14], etc. Many academic scanners are not in the reach of a public, language dependent and are under development.…”

Section: Background and Litrature Reviewmentioning

confidence: 99%

“…9. The basic idea for implementation of crawling component was taken from existing systems [9], [11], [14], [27], [28]. 2) Attack Module: Once crawling phase was completed; next phase is to initialize processing on the list of target web pages.…”

Section: ) Crawling Modulementioning

confidence: 99%

“…10. For each AEP, a set of valid parameter values is generated that are used by different researchers [9], [11], 14] to generate HTTP request. The outcome of this request is referenced in HTML page.…”

Section: ) Crawling Modulementioning

confidence: 99%

“…This analysis method is said to be a black-box testing. There are a lot of automated and manual testing tools for XSS detection, SQLi also detecting other vulnerabilities scanners [6], [9]- [15] in order to make web security easier for web developers/admin. This research www.ijacsa.thesai.org presents an open source web vulnerability scanner that use black box technique to carry out crawling and scanning for websites, to effectively detect the presence of exploitable web vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Web Unique Method (WUM): An Open Source Blackbox Scanner for Detecting Web Vulnerabilities

Khalid¹,

Iqbal²,

Alam³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Detection of structure query language injection vulnerability in web driven database application

Aliero

Qureshi

Pasha

et al. 2020

Concurrency and Computation

View full text Add to dashboard Cite

Summary Structure Query Language Injection Attack is among the top 10‐security threats that can be used on the web application to cause severe damage or gain unauthorized data access to the application server. Many reports have indicated an average of 64% of global websites are at risk of being attack by SQL injection, and many of the top companies have experienced thousands of attacks attempts through SQL injection. The current trend shows the increasing number of attacks factor as a result of the daily deployment of these applications without security detection and prevention mechanism is placed. To overcome this challenge, researches in academia and industry presented a proposal that automates SQL injection vulnerabilities assessment on the tested application. Current studies show the need to enhance techniques of these proposals to reduce the false alarms. In this study, we propose a component‐based technique to minimize the incidence of inaccurate results, as well as enable the ease of improving the proposed solution. The study uses three costumed applications as tested to evaluate the accuracy of the proposed solution. Each of these testbed consists of several vulnerabilities where the experimental evaluation performs to test the proposed tool. An empirical evaluation is carried out on three vulnerable custom websites to evaluate the effectiveness of the proposed study. The experiment results indicated significant results in terms of high accuracy. On the other hand, the proposed solution also has better capabilities to analyze page response based on four different techniques. Moreover, the proposed solution is the only solution that performs stored procedure attacks SQL and bypass login authentication even if the returned records are limited restriction is applied.

show abstract

A black-box testing tool for detecting SQL injection vulnerabilities

Cited by 36 publications

References 14 publications

SQL Injection Attacks Detection & Prevention Techniques

SQL Injection Attacks Detection & Prevention Techniques

Web Unique Method (WUM): An Open Source Blackbox Scanner for Detecting Web Vulnerabilities

Detection of structure query language injection vulnerability in web driven database application

Contact Info

Product

Resources

About