Visible to the public Testing Techniques and Analysis of SQL Injection Attacks

TitleTesting Techniques and Analysis of SQL Injection Attacks
Publication TypeConference Paper
Year of Publication2017
AuthorsMaraj, A., Rogova, E., Jakupi, G., Grajqevci, X.
Conference Name2017 2nd International Conference on Knowledge Engineering and Applications (ICKEA)
Date Publishedoct
KeywordsAttack, attackers, Cogeneration, commonly used Web application attacks, composability, data protection, database-driven Web applications, DH-HEMTs, different security systems, effective data protection systems, good target, governmental organizations, handy interface, Human Behavior, integrated circuits, Internet, Knowledge engineering, Metrics, penetration testing technique, program testing, proper data protection, pubcrawl, relational database security, relational databases, resilience, Resiliency, security of data, security systems, security testing, sensitive data, sensitive information, SQL, SQL Injection, SQL Injection attacks, SQL injection problems, SQL Injection vulnerability, SQL query, testing techniques, three-tier-architecture, traditional security policies, user interfaces, users, Web application vulnerabilities, Web applications, Web sites, website
Abstract

It is a well-known fact that nowadays access to sensitive information is being performed through the use of a three-tier-architecture. Web applications have become a handy interface between users and data. As database-driven web applications are being used more and more every day, web applications are being seen as a good target for attackers with the aim of accessing sensitive data. If an organization fails to deploy effective data protection systems, they might be open to various attacks. Governmental organizations, in particular, should think beyond traditional security policies in order to achieve proper data protection. It is, therefore, imperative to perform security testing and make sure that there are no holes in the system, before an attack happens. One of the most commonly used web application attacks is by insertion of an SQL query from the client side of the application. This attack is called SQL Injection. Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities. To overcome the SQL injection problems, there is a need to use different security systems. In this paper, we will use 3 different scenarios for testing security systems. Using Penetration testing technique, we will try to find out which is the best solution for protecting sensitive data within the government network of Kosovo.

URLhttps://ieeexplore.ieee.org/document/8169902
DOI10.1109/ICKEA.2017.8169902
Citation Keymaraj_testing_2017