Poor Coding Leads to DoS Attack and Security Issues in Web Applications for Sensors

Jalbani, Khuda Bux; Yousaf, Muhammad; Sarfraz, Muhammad Shahzad; Oskouei, Rozita Jamili; Hussain, Akhtar; Memon, Zojan

doi:10.1155/2021/5523806

Cited by 4 publications

(6 citation statements)

References 15 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Users' credentials, such as usernames and passwords, can be taken by using SQL injection. This can then be used to access user accounts without authorization [112], [113].…”

Section: ) Sql Injectionmentioning

confidence: 99%

Online Banking User Authentication Methods: A Systematic Literature Review

Karim,

Khashan,

Kanaker

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Online banking has become increasingly popular in recent years, making it a target for cyberattacks. Banks have implemented various user authentication methods to protect their customers' online accounts. This paper reviews the state-of-the-art user authentication methods used in online banking and potential cyber threats. This paper starts by exploring different user authentication methods, such as knowledge-based authentication (KBA), biometrics-based authentication (BBA), possession-based authentication (PBA), and other methods. The advantages and disadvantages of each user authentication method are then discussed. Furthermore, the paper discusses the various cyber threats that can compromise user authentication for online banking systems, such as malware attacks, social engineering, phishing attacks, man-in-the-middle (MiTM) attacks, denial of service (DoS) attacks, session hijacking, weak passwords, keyloggers, SQL injection, and replay attacks. Also, the paper explores the user authentication methods used by popular banks, which can provide insights into best practices for safeguarding online banking accounts and future user authentication methods in online banking and cyber threats. It states that the increasing use of BBA, two-factor authentication (2FA), and multi-factor authentication (MFA) will help improve the security of online banking systems. However, the paper also warns that new cyber challenges will emerge, and banks need to be vigilant in protecting their customers' online banking accounts.

show abstract

“…Users' credentials, such as usernames and passwords, can be taken by using SQL injection. This can then be used to access user accounts without authorization [112], [113].…”

Section: ) Sql Injectionmentioning

confidence: 99%

Online Banking User Authentication Methods: A Systematic Literature Review

Karim,

Khashan,

Kanaker

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…According to [102], ineffective coding and the selection of ineffective programming software solutions significantly contribute to the unavailability of web application services as attackers exploit the vulnerability of input fields. This condition is accomplished by either putting the SQL query command into the input or appending the query with the desired uniform resource locator (URL).…”

Section: Smartphone User Activities Based On Software Modalitymentioning

confidence: 99%

“…This condition is accomplished by either putting the SQL query command into the input or appending the query with the desired uniform resource locator (URL). These SQL queries are converted to SQL code that an attacker inserts [102,103]. This vulnerability injection is the primary vector through which an attacker can compromise a web application's security.…”

Section: Smartphone User Activities Based On Software Modalitymentioning

confidence: 99%

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.

show abstract

“…(iv) In paper [3] [10] algorithm selection service (ADS) with genetic algorithm (GA) and tsfresh tool. For IoT stream data, it requires that the anomaly detection algorithm can provide good recommendation for easy operation for IoT devices in factory automation systems.…”

Section: Papers In Is Specialmentioning

confidence: 99%