Study of SQL Injection Attacks and Countermeasures

Sajjadi, Sayyed Mohammad Sadegh; Pour, Bahare Tajalli

doi:10.7763/ijcce.2013.v2.244

Cited by 19 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SQL injection is a technique for exploiting security vulnerabilities at the database layer of an application [7]. This cybercrime threat can occur because of inputs that are not properly filtered in its manufacture, so it creates a loophole that can be abused [8], an example of which can be seen in In the absence of a filter on the website url, most likely, the website is vulnerable to SQL injection [9]. For example can be seen in Figure 1, the address www.example/id.php?=1, behind the url address, there is a GET method, meaning that the url is requesting access to the database with the syntax, "Select * from example where id =1, here the database returns a value, to display all tables with id = 1, therefore, if the attacker knows the structure of the website's database, then the attacker can retrieve all existing data in the database of the attacked website [10].…”

Section: Sql Injectionmentioning

confidence: 99%

“…There are several types of security testing, first one is vulnerability Scanning is a security test carried out through automated software to scan a web application to look for vulnerabilities such as SQL Injection, Cross Site Scripting, and other vulnerabilities [17], second is security scanning is a scan used to find vulnerabilities or unwanted file modifications in web-based applications, websites, networks, or file systems, third is penetration testing is a testing process by simulating a cyber attack on the system to be tested. This test will be carried out manually by a professional and certified pentester using various pentest tools and techniques [8], fourth is risk assessment through risk assessment, security risks faced by applications, software, and networks will be identified and analyzed. The security risks will then be classified into several categories, namely high, medium, and low [18], fifth security auditing is a structured method for evaluating security measures within a company [19], next one is ethical hacking is a security test carried out using all hacking techniques and other related computer attack techniques [20].…”

Section: Security Assessment / Testingmentioning

confidence: 99%

See 1 more Smart Citation

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Herman,

Riadi,

Kurniawan

2023

Int. J. Artif. Intell. Res

View full text Add to dashboard Cite

In this day and age, the use of the Internet has increased. SQL injection is a serious security threat on the Internet for various dynamic websites. As the use of the Internet for various online services increases, so make the security threats that exist on the Web. SQL injection attacks are one of the most serious security vulnerabilities on the Web. Most of these vulnerabilities are caused by a lack of input validation and the use of SQL parameters. SQLMap is an application from the Kali Linux operating system that is useful for injecting data on a website by using the features available in this application. In this paper, author conducts a security assessment to detect attacks on a website, more precisely to detect SQL Injection attacks, using the K-Nearest Neighbor method and naïve bayes. The results obtained are that the website being tested has SQL Injection vulnerabilities, and the K-Nearest Neighbor method is the best method for this case because it has an accuracy of 94.2%. In comparison, the Naïve Bayes method has an accuracy of 80%.

show abstract

Section: Sql Injectionmentioning

confidence: 99%

Section: Security Assessment / Testingmentioning

confidence: 99%

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Herman,

Riadi,

Kurniawan

2023

Int. J. Artif. Intell. Res

View full text Add to dashboard Cite

show abstract

“…Analizirajući sintaksu stabla raščlanjivanja SQL upita, moguće je generirati precizne zahtjeve za točnim napadom (Sajjadi, Pour, 2013).…”

Section: Candidunclassified

“…Kroz te mehanizme uzimaju se prednosti obje strategije kako bi klasificiranje SQL upita bilo što pouzdanije. Konačno, kako bi se SQL upiti klasificirali kao nepovjerljivi, koristi se mehanizam virtualizacije koja kombinira tehnike klasteriranja i neuronskih modela koji su bez nadzora (Sajjadi, Pour, 2013).…”

Section: Aiida-sqlunclassified

Napadi ubacivanjem SQL izraza – prevencija i obrana

Ljubičić¹,

Jakšić

Poščić

2020

Zb. Veleuč. Rij. (Online)

View full text Add to dashboard Cite

Napad ubacivanjem SQL izraza jedna je od najozbiljnijih prijetnji sigurnosti aplikacija zasnovanih nad bazom podataka. Ona omogućuje napadaču da stekne kontrolu nad bazom podataka aplikacije, čime napadač dobiva mogućnost izmjene podataka. Mnoga se istraživanja usmjeravaju na ovaj problem. Brojni su autori predložili različite pristupe za otkrivanje i sprječavanje ove ranjivosti, no koliko je ovaj problem i dan danas prisutan govori i činjenica da ni ti pristupi ne predstavljaju u potpunosti uspješno rješenje. U ovom radu opisano je nekoliko vrsta napada ubacivanjem SQL izraza te različiti alati i metode koji mogu pružiti određenu prevenciju i obranu od tih napada. Predložene su različite metode za rješavanje problema napada ubacivanjem SQL izraza u obliku opsežnih pregleda varijacija napada ubacivanjem SQL izraza te njihovih opisa i primjera, kako bi se bolje spoznao njihov štetan utjecaj i krajnje posljedice. Štoviše, u radu je dan i kratak pregled prijedloga pojedinih autora vezanih uz prevenciju i obranu od napada ubacivanjem SQL izraza. Na kraju je iznesen zaključak uz objektivan pregled i analizu cjelokupnog istraživanja. Glavni doprinos rada je pregled dosadašnjih istraživanja i pristupa vezanih uz: a) prevenciju napada ubacivanjem SQL izraza i b) obranu od napada ubacivanjem SQL izraza.

show abstract

Prevention Guidelines of SQL Injection Database Attacks: An Experimental Analysis

Bittal¹,

Banerjee²

2015

Emerging Research in Computing, Information, Communication and Applications

View full text Add to dashboard Cite

In today's global world every organization or enterprise, storing their essential data in terms of Databases and shares their data to authenticated users on the web through some security mechanisms. But now-a-days security is a big issue because of various types of database attacks. SQL injection is one type of such an attacks that inoculate a destructive SQL code to misuse database of an application. In this paper, we did experimental analysis on web-database applications as well as purely database applications and presented prevention guidelines of SQL injection attacks.

show abstract

Study of SQL Injection Attacks and Countermeasures

Cited by 19 publications

References 7 publications

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Napadi ubacivanjem SQL izraza – prevencija i obrana

Prevention Guidelines of SQL Injection Database Attacks: An Experimental Analysis

Contact Info

Product

Resources

About