SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks
Securing the web against frequent cyber attacks is a big concern as attackers usually intend to snitch private information,financial information, deface and damages websites to prove their hacking capabilities. This type of vandalism may drive many corporations that conduct their business through th...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier Ltd
2011
|
| Subjects: | |
| Online Access: | http://repo.uum.edu.my/4314/1/SQL-i.pdf http://repo.uum.edu.my/4314/ http://dx.doi.org/10.1016/j.procs.2010.12.076 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.uum.repo.4314 |
|---|---|
| record_format |
eprints |
| spelling |
my.uum.repo.43142012-02-15T02:12:11Z http://repo.uum.edu.my/4314/ SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks Bashah Mat Ali, Abdul Yaseen Ibrahim Shakhatreh, Ala’ Abdullah, Mohd Syazwan Alostad, Jasem QA76 Computer software Securing the web against frequent cyber attacks is a big concern as attackers usually intend to snitch private information,financial information, deface and damages websites to prove their hacking capabilities. This type of vandalism may drive many corporations that conduct their business through the web to suffer financial and reputation damages. One of the most dangerous cyber attacks is the Structured Query Language (SQL)-injection attack, whereby this type of attack can be launched through the web browsers. The vulnerability of SQL-injection attack can be attributed to inappropriate programming practice by the website developers, which leaves a lot of doors widely open for the attackers to exploit these and gaining access to confidential information that resides in the website server databases.In order to address this vulnerability, it must be feasible to detect the vulnerability and enhance the coding structure of the website to avoid being an easy victim to this type of cyber attacks. Detecting the SQL-injection vulnerability requires the development of a powerful tool that can automatically create SQLinjection attacks using efficient features (different attacking patters) to detect the vulnerability of the websites. This paper discuss the development of a new web scanning (MySQLlInjector) tool with enhanced features that will be able to conduct efficient penetration test on PHP (started as Personal Home Page but now widely used as Hypertext Preprocesses) based websites to detect SQL injection vulnerabilities.This tool will automate the penetration test process, to make it easy even for those who are not aware familiar about hacking techniques. Elsevier Ltd 2011 Article PeerReviewed application/pdf en http://repo.uum.edu.my/4314/1/SQL-i.pdf Bashah Mat Ali, Abdul and Yaseen Ibrahim Shakhatreh, Ala’ and Abdullah, Mohd Syazwan and Alostad, Jasem (2011) SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks. Procedia Computer Science, 3. pp. 453-458. ISSN 18770509 http://dx.doi.org/10.1016/j.procs.2010.12.076 |
| institution |
Universiti Utara Malaysia |
| building |
UUM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Utara Malaysia |
| content_source |
UUM Institutionali Repository |
| url_provider |
http://repo.uum.edu.my/ |
| language |
English |
| topic |
QA76 Computer software |
| spellingShingle |
QA76 Computer software Bashah Mat Ali, Abdul Yaseen Ibrahim Shakhatreh, Ala’ Abdullah, Mohd Syazwan Alostad, Jasem SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| description |
Securing the web against frequent cyber attacks is a big concern as attackers usually intend to snitch private information,financial information, deface and damages websites to prove their hacking capabilities. This type of vandalism may drive many corporations that conduct their business through the web to suffer financial and reputation damages. One of the most dangerous cyber attacks is the Structured Query Language (SQL)-injection attack, whereby this type of attack can be launched through the web browsers. The vulnerability of SQL-injection attack can be attributed to inappropriate programming practice by the website developers, which leaves a lot of doors widely open for the attackers to exploit these and gaining access to confidential information that resides in the website server databases.In order to address this vulnerability, it must be feasible to detect the vulnerability and enhance the coding structure of the website to avoid being an easy victim to this type of cyber attacks. Detecting the SQL-injection vulnerability requires the development of a powerful tool that can automatically create SQLinjection
attacks using efficient features (different attacking patters) to detect the vulnerability of the websites. This paper discuss the development of a new web scanning (MySQLlInjector) tool with enhanced features that will be able to conduct efficient penetration test on PHP (started as Personal Home Page but now widely used as Hypertext Preprocesses) based websites to detect SQL injection vulnerabilities.This tool will automate the penetration test process, to make it easy even for those who are
not aware familiar about hacking techniques. |
| format |
Article |
| author |
Bashah Mat Ali, Abdul Yaseen Ibrahim Shakhatreh, Ala’ Abdullah, Mohd Syazwan Alostad, Jasem |
| author_facet |
Bashah Mat Ali, Abdul Yaseen Ibrahim Shakhatreh, Ala’ Abdullah, Mohd Syazwan Alostad, Jasem |
| author_sort |
Bashah Mat Ali, Abdul |
| title |
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| title_short |
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| title_full |
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| title_fullStr |
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| title_full_unstemmed |
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks |
| title_sort |
sql-injection vulnerability scanning tool for automatic creation of sql-injection attacks |
| publisher |
Elsevier Ltd |
| publishDate |
2011 |
| url |
http://repo.uum.edu.my/4314/1/SQL-i.pdf http://repo.uum.edu.my/4314/ http://dx.doi.org/10.1016/j.procs.2010.12.076 |
| _version_ |
1644278719648366592 |
| score |
13.15806 |