Analysis of protection capabilities against SQL Injection attacks

Bogdan Krawczyński

bogdan.krawczynski@pollub.edu.pl
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Jarosław Marucha


Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Grzegorz Kozieł


Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Abstract

This publication concerns SQL Injection attacks, which are one of the most dangerous types of attack in cyberspace. Based on a literature study, a classification of SQL Injection attacks was prepared. The purpose of the work was to analyse the effectiveness of protections against SQL Injection attacks. The research method was based on the authors' own application, which was implemented in JSP (JavaServer Pages) technology using a MySQL database server.


Keywords:

SQL Injection; data security; application vulnerability



Published
2018-09-30

Krawczyński, B., Marucha, J., & Kozieł, G. (2018). Analysis of protection capabilities against SQL Injection attacks. Journal of Computer Sciences Institute, 7, 150–157. https://doi.org/10.35784/jcsi.664
