Visible to the public Biblio

Filters: Keyword is policy-based-governance  [Clear All Filters]
Ojagbule, O., Wimmer, H., Haddad, R. J..  2018.  Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP. SoutheastCon 2018. :1–7.

There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections.

Vyamajala, S., Mohd, T. K., Javaid, A..  2018.  A Real-World Implementation of SQL Injection Attack Using Open Source Tools for Enhanced Cybersecurity Learning. 2018 IEEE International Conference on Electro/Information Technology (EIT). :0198–0202.

SQL injection is well known a method of executing SQL queries and retrieving sensitive information from a website connected database. This process poses a threat to those applications which are poorly coded in the today's world. SQL is considered as one of the top 10 vulnerabilities even in 2018. To keep a track of the vulnerabilities that each of the websites are facing, we employ a tool called Acunetix which allows us to find the vulnerabilities of a specific website. This tool also suggests measures on how to ensure preventive measures. Using this implementation, we discover vulnerabilities in an actual website. Such a real-world implementation would be useful for instructional use in a foundational cybersecurity course.

Katole, R. A., Sherekar, S. S., Thakare, V. M..  2018.  Detection of SQL injection attacks by removing the parameter values of SQL query. 2018 2nd International Conference on Inventive Systems and Control (ICISC). :736–741.

Internet users are increasing day by day. The web services and mobile web applications or desktop web application's demands are also increasing. The chances of a system being hacked are also increasing. All web applications maintain data at the backend database from which results are retrieved. As web applications can be accessed from anywhere all around the world which must be available to all the users of the web application. SQL injection attack is nowadays one of the topmost threats for security of web applications. By using SQL injection attackers can steal confidential information. In this paper, the SQL injection attack detection method by removing the parameter values of the SQL query is discussed and results are presented.

Pareek, Alok, Khaladkar, Bhushan, Sen, Rajkumar, Onat, Basar, Nadimpalli, Vijay, Lakshminarayanan, Mahadevan.  2018.  Real-time ETL in Striim. Proceedings of the International Workshop on Real-Time Business Intelligence and Analytics. :3:1–3:10.
In the new digital economy, on demand access of real time enterprise data is critical to modernize cross organizational, cross partner, and online consumer functions. In addition to on premise legacy data, enterprises are producing an enormous amount of real-time data through new hybrid cloud applications; these event streams need to be collected, transformed and analyzed in real-time to make critical business decision. Traditional Extract-Load-Transform (ETL) processes are no longer sufficient and need to be re-architected to account for streaming, heterogeneity, usability, extensibility (custom processing), and continuous validity. Striim is a novel end-to-end distributed streaming ETL and intelligence platform that enables rapid development and deployment of streaming applications. Striim's real-time ETL engine has been architected from ground-up to enable both business users and developers to build and deploy streaming applications. In this paper, we describe some of the core features of Striim's ETL engine (i) built-in adapters to extract and load data in real-time from legacy and new cloud sources/targets (ii) an extensible SQL-based transformation engine to transform events; users can inject custom logic via a component called Open Processor (iv) New primitives like MODIFY, BEFORE and AFTER and (v) built-in data validation that continuously checks if everything is continually making it to the destination.
Brahem, Mariem, Yeh, Laurent, Zeitouni, Karine.  2018.  Efficient Astronomical Query Processing Using Spark. Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. :229–238.
Sky surveys represent a fundamental data source in astronomy. Today, these surveys are moving into a petascale regime produced by modern telescopes. Due to the exponential growth of astronomical data, there is a pressing need to provide efficient astronomical query processing. Our goal is to bridge the gap between existing distributed systems and high-level languages for astronomers. In this paper, we present efficient techniques for query processing of astronomical data using ASTROIDE. Our framework helps astronomers to take advantage of the richness of the astronomical data. The proposed model supports complex astronomical operators expressed using ADQL (Astronomical Data Query Language), an extension of SQL commonly used by astronomers. ASTROIDE proposes spatial indexing and partitioning techniques to better filter the data access. It also implements a query optimizer that injects spatial-aware optimization rules and strategies. Experimental evaluation based on real datasets demonstrates that the present framework is scalable and efficient.
Fang, Yong, Peng, Jiayi, Liu, Liang, Huang, Cheng.  2018.  WOVSQLI: Detection of SQL Injection Behaviors Using Word Vector and LSTM. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :170–174.

The Structured Query Language Injection Attack (SQLIA) is one of the most serious and popular threats of web applications. The results of SQLIA include the data loss or complete host takeover. Detection of SQLIA is always an intractable challenge because of the heterogeneity of the attack payloads. In this paper, a novel method to detect SQLIA based on word vector of SQL tokens and LSTM neural networks is described. In the proposed method, SQL query strings were firstly syntactically analyzed into tokens, and then likelihood ratio test is used to build the word vector of SQL tokens, ultimately, an LSTM model is trained with sequences of token word vectors. We developed a tool named WOVSQLI, which implements the proposed technique, and it was evaluated with a dataset from several sources. The results of experiments demonstrate that WOVSQLI can effectively identify SQLIA.

Zhang, Haiyan, Zhang, Xiao.  2018.  SQL Injection Attack Principles and Preventive Techniques for PHP Site. Proceedings of the 2Nd International Conference on Computer Science and Application Engineering. :187:1–187:9.
With1 the rapid development of computer network technology, people's life and work have become more and more dependent on the Internet. Consequent network security issues have also received much attention. At present, SQL injection attacks have become the main method of hacking. SQL injection vulnerabilities seriously threaten the security of WEB application systems. This article takes the PHP language as an example, introduces the reasons for the SQL injection in detail, conducts in-depth research on the common SQL injection attack methods. Based on the practical penetration testing practice, puts forward the SQL injection detection technology and how to avoid SQL injection vulnerability when writing WEB program code. This article provides detailed technical support for testing SQL injection and provides a powerful guarantee for WEB information system in SQL injection defense.