Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)

Rankothge, Windhya; Randeniya, Mohan; Samaranayaka, Viraj

doi:10.1109/iciis51140.2020.9342703

Cited by 10 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…No Name (TTCN-3) [102], NodeXP [104], OSV [107], ObjectMap [105], Owfuzz [108], PURITY [117], PenQuest [112], PentestGPT [113], PhpSAFE [114], Pyciuti [118], Pyciuti [118], RAT [119], ROSploit [123], RT-RCT [124], RT-RCT [124], Revealer [120], RiscyROP [121], Robin [122], SOA-Scanner [130], SVED [133], Scan-ner++ [125], SerialDetector [127], ShoVAT [128], ShoVAT [128], Snout [129], Snout [129], Spicy [131], Spicy [131], SuperEye [132], TAMELESS [134], TChecker [135], TORPEDO [136], UE Security Reloaded [137], VAPE-BRIDGE [139], VERA [140], VUDDY [141], VulCNN [143], VulDeePecker [144], VulPecker [147], Vulcan [142], Vulnet [145], Vulnsloit [146], WAPTT [148], WebFuzz [149], WebVIM [150] Resource Development ...…”

Section: Reconnaissancementioning

confidence: 99%

“…Black Widow [58], Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebFuzz [149] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Cross-Site Scripting (Xss): Reflected Xss Link [86] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: Sql-Injection Chainsaw [62], PhpSAFE [114], TChecker [135], WAPTT [148], WebVIM [150] Software And Platform Security: Web & Mobile Security: Server Side Vulnerabilities And Mitigations: Injection Vulnerabilities: User Uploaded Files FUSE [78] Systems Security: Authentication, Authorisation & Accountability: Authentication: Passwords ADaMs [51], GNPassGAN [80], NeuralNetwork-Cracking [100], NoCrack [103], OMEN [106], PassGAN [109], PassGPT [110], PasswordCrack-ingTraining [111], SemanticGuesser [126] Systems Security: Distributed Systems Security Cairis [60], MAL [91], PenQuest [112] Table B.10: CyBOK classification ACM CCS Tools Hardware: Emerging Technologies: Analysis And Design Of Emerging Devices And Systems: Emerging Architectures AVAIN [55], Diane [70], EBF [71], IoTFuzzer [83], Mirage [94], ROSploit [123], RT-RCT [124], Snout [129] Human-Centered Computing: Human Computer Interaction (Hci): Interactive Systems And Tools TAMELESS [134] Networks: Network Components: Intermediate Nodes: Routers ESRFuzzer…”

Section: Cybok Toolsmentioning

confidence: 99%

See 1 more Smart Citation

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Reconnaissancementioning

confidence: 99%

Section: Cybok Toolsmentioning

confidence: 99%

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…The main goal of SQLi mitigation is to prevent attackers from successfully injecting malicious SQL commands into an application or system, so that sensitive data is not exposed or corrupted (23). One effective way of mitigation is to install a firewall layer on the website (24). These firewalls play a key role in protecting websites by implementing specific rules aimed at blocking and eliminating potentially malicious traffic (25).…”

Section: Introductionmentioning

confidence: 99%

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Fadlil,

Riadi,

Mu’min

2024

IJE

View full text Add to dashboard Cite

SQL injection (SQLi) is one of the most common attacks against database servers and has the potential to threaten server services by utilizing SQL commands to change, delete, or falsify data. In this study, researchers tested SQLi attacks against websites using a number of tools, including Whois, SSL Scan, Nmap, Open Web Application Security Project (OWASP) Zap, and SQL Map. Then, researchers identified SQLi vulnerabilities on the tested web server. Next, researchers developed and implemented mitigation measures to protect the website from SQLi attacks. Test results using OWASP Zap identified 14 vulnerabilities, with five of them at a medium level of 35%, seven at a low level of 50%, and two at an informational level of 14%. Meanwhile, testing using SQL Map succeeded in gaining access to the database and username on the web server. The next step in this research is to provide recommendations for installing a firewall on the website as a mitigation measure to reduce the risk of SQLi attacks. The main contribution of this research is the development of a structured methodology to identify and address SQLi vulnerabilities in web servers, which play an important role in maintaining data security and integrity in a rapidly evolving online environment.

show abstract

“…Se o ataque for bem sucedido, usuários não autorizados acessam e manipulam o banco de dados da organização. Esta violação de segurança pode acarretar roubo de informações, perda de consistência e indisponibilidade do servidor [Fang et al 2018, Hanmanthu et al 2015, Rankothge et al 2020.…”

Section: Introductionunclassified

“…Diversas pesquisas propõem identificar e prevenir ataques SQLIA utilizando técnicas de aprendizado de máquina [Rankothge et al 2020]. A literatura comprova que tais algoritmos são eficientes na detecção de SQLIA [Fang et al 2018, Joshi and Geetha 2014, Kim and Lee 2014, Mishra 2019, Tang et al 2020.…”

Section: Introductionunclassified

Análise de diferentes técnicas de pré-processamento em algoritmos de Aprendizado de Máquina na detecção de SQL Injection

Souza

Silva

Rafael

et al. 2021

Anais Do XLVIII Seminário Integrado De Software E Hardware (SEMISH 2021)

View full text Add to dashboard Cite

Atualmente, a SQL Injection é uma das maiores ameaças à segurança das aplicações WEB. Desta forma, diversas abordagens vêm sendo analisadas para tentar resolver esse problema. O objetivo deste trabalho foi utilizar algoritmos de aprendizado de máquina para detectar SQL Injection a partir do tratamento dos dados de entrada de cinco formas diferentes, variando a tokenização, transformação e extração de atributos das bases de SQL Padrão e Injection. Os algoritmos utilizados foram Naive Bayes, SVM, Gradient Boosting Tree (GBT) e Random Forest (RF). O melhor resultado foi obtido com o GBT com as métricas G-Test e Entropia, calculadas sobre tokenização e transformação com expressão regular, apresentando acurácia de 98.46%.

show abstract

Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)

Cited by 10 publications

References 5 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Análise de diferentes técnicas de pré-processamento em algoritmos de Aprendizado de Máquina na detecção de SQL Injection

Contact Info

Product

Resources

About