Analysis of protection capabilities against SQL Injection attacks

Bogdan Krawczyński; Jarosław Marucha; Grzegorz Kozieł

doi:10.35784/jcsi.664

Open full text

PDF

Published: Sep 30, 2018

DOI: https://doi.org/10.35784/jcsi.664

DOI

https://doi.org/10.35784/jcsi.664

Authors

Bogdan Krawczyński

bogdan.krawczynski@pollub.edu.pl

Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Jarosław Marucha

jaroslaw.marucha@pollub.edu.pl

Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Grzegorz Kozieł

g.koziel@pollub.pl

Institute of Computer Science, Lublin University of Technology, Nadbystrzycka 36B, 20-618 Lublin, Poland

Abstract

Publication refers to SQL Injection attacks whose are one of the most dangerous in a cyberspace. Based on a literature studies, classification of the SQL Injection attacks was prepared. The purpose of the work was to analyse of protections effectiveness against SQL Injection attacks. Research method has been based on author application, which was implemented in JSP (JavaServer Pages) technology using MySQL database server.

Keywords:

SQL Injection; data security; application vulnerability

References

[1] How Was SQL Injection Discovered? https://www.esecurityplanet.com/network-security/how-was-sql-injectiondiscovered.html [20.11.2017]
[2] Top 10 Attack Techniques – 2015 vs. 2014 http://www.hackmageddon.com/2016/01/11/2015-cyber-attacks-statistics [12.11.2017]
[3] Co oferuje nam OWASP? http://websecurity.pl/co-oferuje-namowasp [15.11.2017]
[4] OWASP: The 10 Most Critical Web Application Security Risks, https://www.owasp.org/images/b/b0/OWASP_Top_10_2017_RC2_Final.pdf
[5] Norma PN-SIO/IEC-17799:2005 Technika informatyczna. Praktyczne zasady zarządzania bezpieczeństwem informacji,PKN, 2007.
[6] J. Clarke, SQL Injection Attacks and Defense, Syngress Publishing, Inc., 2012.
[7] SQL Injection through HTTP Headers, http://resources. infosecinstitute.com/sql-injection-http-headers [14.11.2017]
[8] Amirmohammad Sadeghian, Mazdak Zamani, Suhaimi Ibrahim, SQL Injection is Still Alive: A Study on SQL Injection Signature EvasionTechniques, 2013 International Conference on Informatics and Creative Multimedia, 2013.
[9] OWASP: SQL Injection Prevention Cheat Sheet, https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet [17.11.2017]
[10] Chandershekhar Sharma, S.C. Jain, Analysis and Classification of SQL Injection Vulnerabilities and Attacks on Web Applications, Konferencja: International Conference on Advances in Engineering & Technology Research, ICAETR –2014.
[11] William G.J. Halfond, Jeremy Viegas, Alessandro Orso, A Classification of SQL Injection Attacks and Countermeasures, Proceedings of the International Symposium on Secure Software Engineering, 2006.
[12] How to: Protect From SQL Injection in ASP.Net, https://msdn.microsoft.com/en-us/library/ff648339.aspx [16.11.2017]
[13] Microsoft Sercurity Overview, https://docs.microsoft.com/enus/dotnet/framework/data/adonet/security-overview [22.11.2017]
[14] Tiobe Index for November 2017, https://www.tiobe.com/tiobeindex/ [23.11.2017]
[15] M. Dymek, M. Nycz, A. Gerka, Analiza statycznych metod obrony przed atakami SQL, ZESZYTY NAUKOWE POLITECHNIKI RZESZOWSKIEJ 294, Elektrotechnika 35 RUTJEE, z. 35 (2/2016), kwiecień-czerwiec 2016, s. 47-56.

Krawczyński, B., Marucha, . J., & Kozieł, G. (2018). Analysis of protection capabilities against SQL Injection attacks . Journal of Computer Sciences Institute, 7, 150–157. https://doi.org/10.35784/jcsi.664

Article Sidebar

Main Article Content

DOI

Authors

Abstract

Keywords:

References

Article Details

License