Analysis of protection capabilities against SQL Injection attacks
Bogdan Krawczyński
bogdan.krawczynski@pollub.edu.pl
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland
Jarosław Marucha
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland
Grzegorz Kozieł
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland
Abstract
This publication concerns SQL Injection attacks, which are among the most dangerous attacks in cyberspace. Based on a literature study, a classification of SQL Injection attacks was prepared. The purpose of the work was to analyse the effectiveness of protections against SQL Injection attacks. The research method was based on an application written by the authors, implemented in JSP (JavaServer Pages) technology and using a MySQL database server.
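As an added illustration of the two coding patterns whose effectiveness such an analysis compares (this is example code written for this page, not code from the authors' JSP/MySQL application), the following Python script uses the standard library's sqlite3 module so that it runs offline; the users table, its rows and the attack payloads are constructed for the example. The mechanism is the same as in JDBC: the first login function concatenates request parameters into the SQL text, so a single quote in the input terminates the string literal and the rest of the parameter is parsed as SQL; the second passes them as bound parameters, the equivalent of a PreparedStatement, so the same payloads are compared as plain data and fail to authenticate.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with constructed sample rows.

    Passwords are stored in plaintext only to keep the example short;
    a real application stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def build_vulnerable_query(login: str, password: str) -> str:
    """Assemble the query the way the insecure pattern does: raw request
    parameters concatenated straight into the SQL text."""
    return (
        "SELECT login FROM users WHERE login = '" + login
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, login: str, password: str):
    """Insecure: a single quote in the input closes the literal and the
    remainder of the parameter is parsed by the database as SQL syntax."""
    row = conn.execute(build_vulnerable_query(login, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, login: str, password: str):
    """Hardened: the query text is fixed and the driver binds the values,
    so they can only ever be compared as data (PreparedStatement style)."""
    row = conn.execute(
        "SELECT login FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads of two classic kinds:
#   comment-out: close the login literal, then comment out the password check
#   tautology:   append a condition that makes the WHERE clause always true
PAYLOADS = {
    "comment-out": ("alice' -- ", "wrong-password"),
    "tautology": ("nobody", "' OR '1'='1"),
}


def run_payloads(conn: sqlite3.Connection) -> dict:
    """Return, per payload, the query the insecure code actually sends and
    which login (if any) each variant accepts."""
    return {
        name: {
            "query_sent_by_vulnerable_code": build_vulnerable_query(l, p),
            "vulnerable": login_vulnerable(conn, l, p),
            "parameterized": login_parameterized(conn, l, p),
        }
        for name, (l, p) in PAYLOADS.items()
    }


if __name__ == "__main__":
    db = make_db()
    for name, result in run_payloads(db).items():
        print(name)
        for key, value in result.items():
            print(f"  {key}: {value!r}")
```

Two caveats when carrying the payloads over to MySQL: the `--` comment marker must be followed by whitespace there (which is why the payload above ends in a space), and bound parameters protect only values; table or column names and ORDER BY targets taken from a request still have to be checked against an allow-list, because they cannot be bound.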
Keywords:
SQL Injection; data security; application vulnerability
Krawczyński, B., Marucha, J., & Kozieł, G. (2018). Analysis of protection capabilities against SQL Injection attacks. Journal of Computer Sciences Institute, 7, 150–157. https://doi.org/10.35784/jcsi.664
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.