Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks

Al-Otaibi, Fahad M.

doi:10.3390/fi15050170

Cited by 8 publications

(6 citation statements)

References 32 publications

(41 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lu et al 12 Alotaibi et al 13 Patidar et al 14 Liu et al 15 Alghawazi et al 16 Saini et al 17 Sheth et al 18 Okesola et al 19 Labib et al 20 Marashdih et al 21 Mehta et al 22 Henry et al 23 Pruzinec et al 24 Irungu et al 25 Fratty et al 26 Logozzo et al 27 Singh et al 28 Crespo-Martínez et al 29 Fu et al 30 Philip et al 31 Barsellotti et al 32 Mallissery et al 33 Lu et al 12 Alotaibi et al 13 Guan et al 34 Nasrullayev et al 35 Muhammad et al 36 Brintha et al 37 Al Badri et al [36] Lu et al 12 (2023)…”

Section: Parse Tree Validation Policy Enforcement Isr Taint Tracking ...mentioning

confidence: 99%

Analysis of SQL injection attacks in the cloud and in WEB applications

Kumar,

Dutta,

Pranav

2024

Security and Privacy

View full text Add to dashboard Cite

Cloud computing has revolutionized the way IT industries work. Most modern‐day companies rely on cloud services to accomplish their day‐to‐day tasks. From hosting websites to developing platforms and storing resources, cloud computing has tremendous use in the modern information technology industry. Although an emerging technique, it has many security challenges. In structured query language injection attacks, the attacker modifies some parts of the user query to still sensitive user information. This type of attack is challenging to detect and prevent. In this article, we have reviewed 65 research articles that address the issue of its prevention and detection in cloud and Traditional Networks, of which 11 research articles are related to general cloud attacks, and the rest of the 54 research articles are specifically on web security. Our result shows that Random Forest has an accuracy of 99.8% and a Precision rate of 99.9%, and the worst‐performing model is Multi‐Layer Perceptron (MLP) in the SQLIA Model. For recall value, Random Forest performs best while TensorFlow Linear Classifier performs worst. F1 score is best in Random Forest, while MLP is the most diminutive performer.

show abstract

Section: Parse Tree Validation Policy Enforcement Isr Taint Tracking ...mentioning

confidence: 99%

Analysis of SQL injection attacks in the cloud and in WEB applications

Kumar,

Dutta,

Pranav

2024

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…By injecting malignant SQL queries into user-supplied data, attackers can exploit the network's policies, compromise the integrity of network flows, and gain unapproved access to sensitive data. SDN architectures should apply robust security measures, such as IDS-based ML, to prevent this threat [20].…”

Section: Sql Injectionmentioning

confidence: 99%

“…DL-based approaches are particularly effective in identifying unknown or zero-day attacks. However, they often require a large amount of labelled training data and computational resources [20].…”

Section: Anomaly -Based Detectionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Intrusion Detection Systems based Machine Learning Approaches Applied to Software-Defined Networks (SDN): Research Issues and Challenges

Janabi,

Kanakis,

Johnson

2023

Preprint

View full text Add to dashboard Cite

: Cybersecurity has become a critical area in the digital field in recent years. The expansion of networks has revolutionised the way network structures are organised and managed. However, with increased connectivity and the growing complexity of modern networks, the threat of cyber-attacks has become more intense. As technology continues to advance, it brings both opportunities and challenges. One of the major challenges is the need to secure networks and sensitive data from various malicious activities. Traditional networks have evolved to include Software Defined Network (SDN), which offers a more flexible and programmable framework. Researchers should focus on detecting attacks in SDN because SDN networks are becoming more popular and attractive targets for clients due to their programmability and dynamic nature. The centralised controller, known as the backbone of an SDN, becomes a single point of failure and a potential target for attackers if not properly secured. Researchers need to emphasise the detection of attacks in SDN in order to mitigate these risks. By understanding the potential vulnerabilities and attack methods specific to SDN, researchers can develop effective detection approaches and propose countermeasures. This methodology helps protect the network from potential threats and minimises the impact of successful attacks. Therefore, this survey paper provides a review of Intrusion Detection Systems (IDSs) in Software-Defined Networks (SDN) to provide a thorough understanding of SDN security issues.

show abstract

“…In order to maintain security from SQLi attacks, mitigation needs to be implemented as a very important step taken to reduce the risk and impact of SQLi attacks on an application or system (22). The main goal of SQLi mitigation is to prevent attackers from successfully injecting malicious SQL commands into an application or system, so that sensitive data is not exposed or corrupted (23). One effective way of mitigation is to install a firewall layer on the website (24).…”

Section: Introductionmentioning

confidence: 99%

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Fadlil,

Riadi,

Mu’min

2024

IJE

View full text Add to dashboard Cite

SQL injection (SQLi) is one of the most common attacks against database servers and has the potential to threaten server services by utilizing SQL commands to change, delete, or falsify data. In this study, researchers tested SQLi attacks against websites using a number of tools, including Whois, SSL Scan, Nmap, Open Web Application Security Project (OWASP) Zap, and SQL Map. Then, researchers identified SQLi vulnerabilities on the tested web server. Next, researchers developed and implemented mitigation measures to protect the website from SQLi attacks. Test results using OWASP Zap identified 14 vulnerabilities, with five of them at a medium level of 35%, seven at a low level of 50%, and two at an informational level of 14%. Meanwhile, testing using SQL Map succeeded in gaining access to the database and username on the web server. The next step in this research is to provide recommendations for installing a firewall on the website as a mitigation measure to reduce the risk of SQLi attacks. The main contribution of this research is the development of a structured methodology to identify and address SQLi vulnerabilities in web servers, which play an important role in maintaining data security and integrity in a rapidly evolving online environment.

show abstract

Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks

Cited by 8 publications

References 32 publications

Analysis of SQL injection attacks in the cloud and in WEB applications

Analysis of SQL injection attacks in the cloud and in WEB applications

A Survey of Intrusion Detection Systems based Machine Learning Approaches Applied to Software-Defined Networks (SDN): Research Issues and Challenges

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Contact Info

Product

Resources

About