Analysis of protection capabilities against SQL Injection attacks


Abstract

This publication addresses SQL Injection attacks, which are among the most dangerous in cyberspace. Based on a literature study, a classification of SQL Injection attacks was prepared. The purpose of the work was to analyse the effectiveness of protections against SQL Injection attacks. The research method was based on the authors' own application, implemented in JSP (JavaServer Pages) technology using a MySQL database server.


Keywords

SQL Injection; data security; application vulnerability


Published: 2018-09-30


Krawczyński, B., Marucha, J., & Kozieł, G. (2018). Analysis of protection capabilities against SQL Injection attacks. Journal of Computer Sciences Institute, 7, 150-157. https://doi.org/10.35784/jcsi.664

Bogdan Krawczyński, bogdan.krawczynski@pollub.edu.pl
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland
Jarosław Marucha
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland
Grzegorz Kozieł
Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland