Refine your search
Collections
Year
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Umar, Kabir
- SQL Injection Attack Roadmap and Fusion
Abstract Views :204 |
PDF Views:0
Authors
Kabir Umar
1,
Abu Bakar Md Sultan
1,
Hazura Zulzalil
1,
Novia Admodisastro
1,
Mohd Taufik Abdullah
1
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 9, No 28 (2016), Pagination:Abstract
With SQL Injection, an attacker can change the intended effect of dynamically generated query in a web Application. This can lead to unauthorized access to the database underlying web application, and harmful transactions on the potentially sensitive information contained in the database. Clear understanding of a problem always assists in finding stronger solution to the problem. In this paper, we conducted an extensive review of several empirical studies on SQL injection attacks and vulnerabilities, with the goal of providing the research community with better insight into possible relationship that exists between different types of SQL Injection Attacks (SQLIAs), and the types of vulnerabilities exploited by each. Consequently, the result of our study is presentation of SQLIAs fusion which shows how different types of SQLIAs lead to one another, and also presentation of step by step SQLIA roadmap. We are very optimistic that our study can help the research community with clearer understanding of SQL Injections, and thus facilitates emergence of stronger solutions to the long standing problem.Keywords
Attack Intents, Attack Mechanism, Inter-attacks Relationship, Vulnerabilities Exploitation, Web Applications.Full Text
- Enhanced Pushdown Automaton based Static Analysis for Detection of SQL Injection Hotspots in Web Application
Abstract Views :205 |
PDF Views:0
Authors
Kabir Umar
1,
Abu Bakar Md Sultan
1,
Hazura Zulzalil
1,
Novia Admodisastro
1,
Mohd Taufik Abdullah
1
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 9, No 28 (2016), Pagination:Abstract
SQL injection Hotspots (SQLiHs) are Application’s Entry Points (AEPs) through which SQL injection is possible, subject to the application’s internal sanitization or validation capabilities. Since not all AEPs are SQLiHs, one serious challenge during testing of very large web application for detection of SQL Injection Vulnerabilities (SQLIVs) is how to reliably decide which AEPs to consider for the test and which AEPs are unnecessary? In this paper, we propose a new Pushdown Automaton (PDA) based static analysis technique for detection of SQLiHs in web applications. The goal is to produce concrete information that can reliably and confidently guide both human tester/developer and SQLIVs detection tools/techniques as to which part of the source code to concentrate their efforts during detection and fixing of SQL injection flaws in an application. The proposed technique is an integral part of an on-going research on automated method for detection and removal of SQLIVs in web application. Experimental evaluation of the method is in progress. However, preliminary results show that the proposed technique is both feasible and effective.Keywords
Context Free Grammar, Data Flow Path, Sensitive Sink, Vulnerabilities.Full Text