Journal articles on the topic 'SQL-Injection attacks'

1

Nugroho, Aldebaran Bayu, and Satria Mandala. "Study the Best PenTest Algorithm for Blind SQL Injection Attacks." International Journal on Information and Communication Technology (IJoICT) 5, no. 2 (June 10, 2020): 1. http://dx.doi.org/10.21108/ijoict.2019.52.268.

Abstract:
There are several types of SQL injection attacks. One of the most popular SQL Injection Attacks is Blind SQL. This attack is performed by exploiting a gap in the database server when executing query words. If the server responds to an invalid query, the attacker will then reverse the engineering part of the SQL query, which is obtained from the error message of the server. The process of generating a blind SQL injection attack is complicated. As a result, a Pentester often requires a long time to penetrate the database server. This research provides solutions to the problems above by developing the automation of a blind SQL injection attack. The method used in this research is to generate keywords, such as the database name and table name so that the attacker can retrieve information about the user name and password. This research also compares several search algorithms, such as linear search, binary search, and interpolation search for generating the keywords of the attack. Automation of the Blind SQL Injection was successfully developed, and the performance of the keywords generation for each algorithm was also successfully measured, i.e., 1.7852 seconds for Binary Search, 1.789 seconds for interpolation and 1.902 seconds for Linear Search.
2

Leelavathy S, et al. "A Secure Methodology to Detect and Prevent Ddos and Sql Injection Attacks." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 2 (April 11, 2021): 341–46. http://dx.doi.org/10.17762/turcomat.v12i2.722.

Abstract:
As most of the applications are hosted on cloud, security is a major concern for the data owners. The cloud environment has to be secure and protect data owner data from cloud attacks. In this project work, we study about securing firewall against client side attacks, namely Denial of firewall and SQL injection attacks. Denial of firewall is nothing but overloading the firewall by bursting n number of requests through vulnerable scripts. SQL injection attack is defined as bypassing the security protocols by malicious scripts. Thus we proposed to design and develop a web application to detect and prevent denial of firewall and SQL injection attacks. The denial of firewall attack can be performed using Java environment based servers and prevention can be performed using Digital Signature Algorithm (DSA) in which filter based approach and software puzzle based approach are performed to detect the malicious script based requests. Only once the Deep Packet Inspection (DPI) filter based approach and software puzzle based approach are found satisfactory would the request be processed. If the request is found malicious, the requested IP address would automatically be blocked. Various types of SQL injection attacks, namely SQL login bypass, Blind injection, SQL sleep attack, and Data fetching attack, are analysed and performed. The SQL injection attack can be prevented using PREPARE statements. These statements are created to make the SQL queries more efficient and render security benefits. This statement provides effective prevention mechanism against SQL injection attacks. Thus our proposed solution provides high security against firewall attacks, namely denial of firewall and SQL injection, securing the data owner files and preventing compromising of firewall.
3

N, Asha, M. Varun Kumar, and Vaidhyanathan G. Vaidhyanathan.G. "Preventing SQL Injection Attacks." International Journal of Computer Applications 52, no. 13 (August 30, 2012): 28–32. http://dx.doi.org/10.5120/8264-1809.

4

Silva, Rui Filipe, Raul Barbosa, and Jorge Bernardino. "Intrusion Detection Systems for Mitigating SQL Injection Attacks." International Journal of Information Security and Privacy 14, no. 2 (April 2020): 20–40. http://dx.doi.org/10.4018/ijisp.2020040102.

Abstract:
Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.
5

Dalai, Asish Kumar, and Sanjay Kumar Jena. "Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications." Security and Communication Networks 2017 (2017): 1–12. http://dx.doi.org/10.1155/2017/3825373.

Abstract:
Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.
6

Kusuma, Gregorius Hendy. "Analysis of SQL Injection Attacks on Website Service." bit-Tech 1, no. 1 (September 18, 2018): 26–33. http://dx.doi.org/10.32877/bt.v1i1.3.

Abstract:
Among the various types of software vulnerabilities, command injection is the most common type of threat in web applications. In command injection, SQL injection type of attacks are extremely prevalent, and ranked as the second most common form of attack on web. SQL injection attacks involve the construction of application’s input data that will result in the execution of malicious SQL statements. Most of the SQL injection detection techniques involve the code to be written along with the actual scripting code. These techniques do not detect errors in SQL statements. Hence, this paper proposes a mechanism to identify invalid SQL statements, to analyze the query for invalid non SQL key words, and to customize the captured errors. This mechanism is different from others by means of separation of the main scripting code and SQL injection code.
7

Mahrouqi, A., P. Tobin, S. Abdalla, and T. Kechadi. "Simulating SQL-Injection Cyber-Attacks Using GNS3." International Journal of Computer Theory and Engineering 8, no. 3 (June 2016): 213–17. http://dx.doi.org/10.7763/ijcte.2016.v8.1046.

8

Dharam, Ramya, and Sajjan G. Shiva. "Runtime Monitoring Framework for SQL Injection Attacks." International Journal of Engineering and Technology 6, no. 5 (2014): 392–401. http://dx.doi.org/10.7763/ijet.2014.v6.731.

9

Abdulmalik, Yazeed. "An Improved SQL Injection Attack Detection Model Using Machine Learning Techniques." International Journal of Innovative Computing 11, no. 1 (April 28, 2021): 53–57. http://dx.doi.org/10.11113/ijic.v11n1.300.

Abstract:
SQL Injection Attack (SQLIA) is a common cyberattack that targets web application database. With the ever increasing and varying techniques to exploit web application SQLIA vulnerabilities, there is no comprehensive method that can solve this kind of attack. Therefore, these various attack techniques require many methods to be established against them in order to mitigate their threats. However, most of these methods have not yet been evaluated; they are still just theories and need to be implemented, to have their performance measured and their limitations set. Moreover, most of the existing SQL injection countermeasures either used syntax-based detection methods or a list of predefined rules to detect the SQL injection, which is vulnerable to advanced and sophisticated types of attacks because attackers create new ways to evade the detection utilizing their pre-knowledge. Although semantic-based features can improve the detection, to our knowledge, no studies focused on extracting the semantic features from SQL statements. This paper investigates a designed model that can improve the efficacy of the SQL injection attack detection using machine learning techniques by extracting the semantic features that can effectively indicate the SQL injection attack. Also, a tenfold approach will be used to evaluate and validate the proposed detection model.
10

J. Santhosh Kumar, B., and P. P. Anaswara. "Vulnerability detection and prevention of SQL injection." International Journal of Engineering & Technology 7, no. 2.31 (May 29, 2018): 16. http://dx.doi.org/10.14419/ijet.v7i2.31.13388.

Abstract:
SQL injection attack is the most serious security vulnerability on databases that are connected with the web or within an intranet; most of these vulnerabilities are affected by lack of input validation and the SQL parameters that are used. The attackers try to steal hidden data by attacking the database using the attack technique called SQL injection. The SQL injection attack detection and prevention technologies are experimented in this paper. Different defence methods are used for prevention, such as parameterized statements, stored procedures and white list input validation. The comparative results of these methods are highlighted in the table with SQL injection query, prepared statement insertion and selection queries, stored procedures and modify queries. The comparison covers these methods used for detection and prevention of vulnerability in web server.
11

Sreeja, T., Dr Manna Sheela Rani Chetty, and Sekhar Babu Boddu. "Detecting SQL Injection Using Correlative Log Analysis." International Journal of Engineering & Technology 7, no. 2.32 (May 31, 2018): 389. http://dx.doi.org/10.14419/ijet.v7i2.32.15720.

Abstract:
The spiking landscape of cyber-attacks is reflecting its trend towards invoking vulnerabilities in a web application. The vulnerabilities seem to be over-growing second by second beside being over-coming time to time. The reason behind is, new attack vectors are often being deployed by the threat actors. The global cyber security market alone has brought a turnover of about $350 billion, which shows how wide the attack landscape is and how expensive it is to detect, protect and respond to the cyber issues. Most of the security experts have quoted that the average cost of a data breach will exceed $150 million by 2020 and about 80 percent of the global demography were nowhere aware of such attacks. From the past few years, SQL injection is acting as a major vector in breaching the sensitive data. Detecting SQL injection through log correlation is the most effective methodology utilized under adaptive environments seeking no tool investigation. This paper exposes a detection methodology of an SQL injection attack without any mere concentration on automated tools. The paper goes with a motto of detection through configuring the available resources like web server, database, and an IDS in a way of creating adaptable environment that can bring the entire attacker information through log analysis. The paper would represent the attacker phases in a finite automata.
12

Alenezi, Mamdouh, Muhammad Nadeem, and Raja Asif. "SQL injection attacks countermeasures assessments." Indonesian Journal of Electrical Engineering and Computer Science 21, no. 2 (February 1, 2021): 1121. http://dx.doi.org/10.11591/ijeecs.v21.i2.pp1121-1131.

Abstract:
SQL injection attacks have been rated as the most dangerous vulnerability of web-based systems over more than a decade by OWASP top ten. Though different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/detection for these attacks. Hundreds of components of open source and commercial software products are reported to be vulnerable for SQL injection to CVE repository every year. In this mapping study, we identify different existing approaches in terms of the cost of computation and protection offered. We found that most of the existing techniques claim to offer protection based on the testing on a very small or limited scale. This study dissects each proposed approach and highlights their strengths and weaknesses and categorizes them based on the underlying technology used to detect or counter the injection attacks.
13

Kumar, Ashish, and Sumitra Binu. "Proposed Method for SQL Injection Detection and its Prevention." International Journal of Engineering & Technology 7, no. 2.6 (March 11, 2018): 213. http://dx.doi.org/10.14419/ijet.v7i2.6.10569.

Abstract:
SQL injection attack is a commonly used method to attack the database server. Injection attacks enable the attacker to bypass the validation and authorization mechanisms used by database server and gain access to the database. The easiest way to launch this attack is by exploiting the loopholes in the validation of user inputs provided through login pages. Each login page that a user visits can contribute towards revealing the identity of the user. Feedbacks given by the server while executing an SQL code can reveal information regarding the vulnerabilities in the validation process of the database server. This information can be misused by the attacker to launch an SQL injection attack. This paper discusses a technique for identifying and preventing SQL injection attack using tokenization concept. The paper discusses a function which verifies the user queries for the presence of various predefined tokens and thereby preventing the access to web pages in cases where the user query includes any of the defined tokens.
14

Pan, Wu Min. "Method to Detect SQL Injection Attacks for Complex Network Environment." Advanced Materials Research 651 (January 2013): 841–45. http://dx.doi.org/10.4028/www.scientific.net/amr.651.841.

Abstract:
SQL injection has become a serious security risk among all the attacks against Web application. The SQL injection attack allows an attacker to access the underlying database unrestrictedly, and furthermore, retrieves the confidential information of the corporation and the network user. We found that most of the existing researches are able to detect most of the attacks, but they do not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. For this reason, we conduct an in-depth research on SQL injection and defense: it requires no modification of the web application code, can be adapted to different usage scenarios, involving also different operating systems and server applications, and is able to detect all the known injection points for the test application.
15

K.Kolhe, Abhay, and Pratik Adhikari. "Injection, Detection, Prevention of SQL Injection Attacks." International Journal of Computer Applications 87, no. 7 (February 14, 2014): 40–43. http://dx.doi.org/10.5120/15224-3739.

16

Parameswari, S., and K. Kavitha. "SQL Injection Attack on Web Application." Asian Journal of Computer Science and Technology 7, S1 (November 5, 2018): 11–15. http://dx.doi.org/10.51983/ajcst-2018.7.s1.1814.

Abstract:
SQL injection attacks are one of the highest dangers for applications composed for the Web. These attacks are dispatched through uncommonly made client information on web applications that utilizes low level string operations to build SQL queries. An SQL injection weakness permits an assailant to stream summons straightforwardly to a web application’s hidden database and annihilate usefulness or privacy. In this paper we proposed a simplified algorithm which works on the basic features of the SQL Injection attacks and will successfully detect almost all types of SQL Injection attacks. In the paper we have also presented the experiment results in order to acknowledge the proficiency of our algorithm.
17

AlNabulsi, Hussein, Izzat Alsmadi, and Mohammad Al Jarrah. "Textual Manipulation for SQL Injection Attacks." International Journal of Computer Network and Information Security 6, no. 1 (November 7, 2013): 26–33. http://dx.doi.org/10.5815/ijcnis.2014.01.04.

18

Morgan, David. "Web application security – SQL injection attacks." Network Security 2006, no. 4 (April 2006): 4–5. http://dx.doi.org/10.1016/s1353-4858(06)70353-1.

19

Shahriar, Hossain, Sarah North, and Wei-Chuen Chen. "Early Detection of SQL Injection Attacks." International Journal of Network Security & Its Applications 5, no. 4 (July 31, 2013): 53–65. http://dx.doi.org/10.5121/ijnsa.2013.5404.

20

Pathak, Ruta, Ananta Bhatt, and Shivam Choudhary. "Devising Solution to SQL Injection Attacks." International Journal of Computer Applications 154, no. 2 (November 17, 2016): 25–27. http://dx.doi.org/10.5120/ijca2016912037.

21

Sharma, Kirti, and Shobha Bhatt. "SQL injection attacks - a systematic review." International Journal of Information and Computer Security 11, no. 4/5 (2019): 493. http://dx.doi.org/10.1504/ijics.2019.10023476.

22

Sharma, Kirti, and Shobha Bhatt. "SQL injection attacks - a systematic review." International Journal of Information and Computer Security 11, no. 4/5 (2019): 493. http://dx.doi.org/10.1504/ijics.2019.101937.

23

Bashah Mat Ali, Abdul, Ala’ Yaseen Ibrahim Shakhatreh, Mohd Syazwan Abdullah, and Jasem Alostad. "SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks." Procedia Computer Science 3 (2011): 453–58. http://dx.doi.org/10.1016/j.procs.2010.12.076.

24

Krawczyński, Bogdan, Jarosław Marucha, and Grzegorz Kozieł. "Analysis of protection capabilities against SQL Injection attacks." Journal of Computer Sciences Institute 7 (September 30, 2018): 150–57. http://dx.doi.org/10.35784/jcsi.664.

Abstract:
The publication refers to SQL Injection attacks, which are one of the most dangerous in cyberspace. Based on literature studies, a classification of the SQL Injection attacks was prepared. The purpose of the work was to analyse the effectiveness of protections against SQL Injection attacks. The research method was based on the authors' own application, which was implemented in JSP (JavaServer Pages) technology using MySQL database server.
25

Bangkit Wiguna, Wahyu Adi Prabowo, and Ridho Ananda. "Implementasi Web Application Firewall Dalam Mencegah Serangan SQL Injection Pada Website." Digital Zone: Jurnal Teknologi Informasi dan Komunikasi 11, no. 2 (November 3, 2020): 245–56. http://dx.doi.org/10.31849/digitalzone.v11i2.4867.

Abstract:
In recent years the development of information technology has become increasingly rapid; this development makes all activities and work easier, such as accessing news and information. One of the media most often used at present to find various kinds of information is the website. The large number of websites that exist today makes them a frequent target of various types of web attacks, such as SQL injection. A system is therefore needed that can provide a solution for securing websites. This research uses the web application firewall method because this method can serve as a security system that protects a website from attacks. The web application firewall method works by blocking incoming SQL injection attacks based on the rules configuration that has been defined. The results of this research show that the SQL injection attacks tested against the website were successfully blocked, making the website safe from those attacks. Keywords: Security, Web Attack, SQL injection, Website, Web Application Firewall.

Abstract: In the last few years the development of information technology has become increasingly rapid, this has made all activities and jobs easier, such as accessing news and information. One of the media that is often used to find various kinds of information at this time is the website. The large number of websites that exist today makes it a frequent target of various types of web attacks such as SQL injection. So we need a system that is able to provide solutions in securing a website. This research uses a web firewall application method because this method is able to become a security system on a website from attacks. The firewall web application method is carried out by the sql injection attack method which is entered based on predefined rules. And from the results of this study, the SQL injection attack that was tested on the website was successful so that it made the website safe from these attacks. Keywords: Security, Web Attack, SQL injection, Website, Web Application Firewall
26

Mohd Yunus, Mohd Amin, Muhammad Zainulariff Brohan, Nazri Mohd Nawi, Ely Salwana Mat Surin, Nurhakimah Azwani Md Najib, and Chan Wei Liang. "Review of SQL Injection : Problems and Prevention." JOIV : International Journal on Informatics Visualization 2, no. 3-2 (June 6, 2018): 215. http://dx.doi.org/10.30630/joiv.2.3-2.144.

Abstract:
SQL injection happened in electronic records in databases and it still exists even after two decades since it first happened. Most of the web-based applications are still vulnerable to the SQL injection attacks. Although technology has improved a lot during these past years, hackers can still find holes to perform the SQL injection. There are many methods by which hackers can perform this SQL injection, and there are also plenty of preventions against SQL injection. The vulnerability to SQL injection is very big and this is definitely a huge threat to web-based applications, as the hackers can easily hack their systems and obtain any data and information that they want anytime and anywhere. This paper concludes with several proposed techniques from existing journal papers used for preventing SQL injection. Then, it comes out with a Blockchain concept to prevent SQL injection attacks on database management system (DBMS) via IP.
27

Bansal, Yogesh, and Jin H. Park. "Multi-hashing for Protecting Web Applications from SQL Injection Attacks." International Journal of Computer and Communication Engineering 4, no. 3 (2015): 187–95. http://dx.doi.org/10.17706/ijcce.2015.4.3.187-195.

28

Pancholi, Rahul, Indr jeet Rajput, and Vinit Kumar Vinit Kumar. "Security of Database Query Processing by Blocking SQL Injection Attacks." International Journal of Scientific Research 2, no. 6 (June 1, 2012): 212–14. http://dx.doi.org/10.15373/22778179/june2013/67.

29

Rawat, Romil, Chandrapal Singh Dangi, and Jagdish Patil. "Safe Guard Anomalies against SQL Injection Attacks." International Journal of Computer Applications 22, no. 2 (May 31, 2011): 11–14. http://dx.doi.org/10.5120/2558-3511.

30

G. Kumar, Diksha, and Madhumita Chatterjee. "Detection Block Model for SQL Injection Attacks." International Journal of Computer Network and Information Security 6, no. 11 (October 8, 2014): 56–63. http://dx.doi.org/10.5815/ijcnis.2014.11.08.

31

Shrivastava, Gaurav, and Kshitij Pathak. "SQL Injection Attacks: Technique and Prevention Mechanism." International Journal of Computer Applications 69, no. 7 (May 17, 2013): 35–39. http://dx.doi.org/10.5120/11857-7626.

32

Cecchini, Simone, and Diane Gan. "SQL injection attacks with the AMPA suite." International Journal of Electronic Security and Digital Forensics 5, no. 2 (2013): 139. http://dx.doi.org/10.1504/ijesdf.2013.055051.

33

Yiğit, Gülsüm, and Merve Arnavutoğlu. "SQL Injection Attacks Detection & Prevention Techniques." International Journal of Computer Theory and Engineering 9, no. 5 (2017): 351–56. http://dx.doi.org/10.7763/ijcte.2017.v9.1165.

34

Chen, Zhuang, Min Guo, and Lin zhou. "Research on SQL injection detection technology based on SVM." MATEC Web of Conferences 173 (2018): 01004. http://dx.doi.org/10.1051/matecconf/201817301004.

Abstract:
SQL injection, which has the characteristics of great harm and fast variation, has always ranked the top of the OWASP TOP 10, which has always been a hot spot in the research of web security. In view of the difficulty of detecting unknown attacks by the existing rule matching method, a method of SQL injection detection based on machine learning is proposed. And the author analyses the method of SQL injection feature extraction. Finally, the word2vec method is selected to process the text data of the HTTP request, which can effectively represent the SQL injection features containing the attack payload. Training and classification of processed samples is done with the SVM algorithm. The experiment shows that this method effectively solves the problem of SQL injection to the mutation and the high leakage rate of the rule matching. By comparing with the classification results of statistical features, this SQL injection classification model has a higher detection rate.
35

Natarajan, Kanchana, and Sarala Subramani. "Generation of Sql-injection Free Secure Algorithm to Detect and Prevent Sql-Injection Attacks." Procedia Technology 4 (2012): 790–96. http://dx.doi.org/10.1016/j.protcy.2012.05.129.

36

Kiskis, Akvile. "Why SQL Injection Attacks Are Still Plaguing Databases." International Journal of Hyperconnectivity and the Internet of Things 3, no. 2 (July 2019): 11–18. http://dx.doi.org/10.4018/ijhiot.2019070102.

Abstract:
This article describes how SQL injection has been a long-standing problem in database security. It is understandable why injection is considered number one because of the sheer number of web applications that exist currently. An injection attack can allow an attacker to gain complete access of a database which oftentimes contains sensitive information. This results in a loss of confidential information which places consumers at a huge risk.
37

Singh, Shubham, Pranju Mishra, Samruddhi Kshirsagar, Shubham Bharadia, and Narendra Joshi. "SQL Injection and Areas of Security Concern." International Journal of Computer Science and Mobile Computing 10, no. 5 (May 30, 2021): 60–66. http://dx.doi.org/10.47760/ijcsmc.2021.v10i05.006.

Abstract:
Cyber-crimes are growing rapidly and to prevent these crimes one should share all the knowledge he/she has to make people aware of these attacks. In the field of Application Security there is a very well-known vulnerability, “SQL INJECTION”. In this paper, we have focused on what the types of SQL Injection attacks are and where they can be found in any application.
38

Ha, Man-Seok, Jung-Il Namgung, and Soo-Hyun Park. "Counter Measures by using Execution Plan Analysis against SQL Injection Attacks." Journal of the Institute of Electronics and Information Engineers 53, no. 2 (February 25, 2016): 76–86. http://dx.doi.org/10.5573/ieie.2016.53.2.076.

39

Lesko, S. A. "Models and scenarios of implementation of threats for internet resources." Russian Technological Journal 8, no. 6 (December 18, 2020): 9–33. http://dx.doi.org/10.32362/2500-316x-2020-8-6-9-33.

Abstract:
To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.
40

Gunawan, Teddy Surya, Muhammad Kasim Lim, Mira Kartiwi, Noreha Abdul Malik, and Nanang Ismail. "Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks." Indonesian Journal of Electrical Engineering and Computer Science 12, no. 2 (November 1, 2018): 729. http://dx.doi.org/10.11591/ijeecs.v12.i2.pp729-737.

Abstract:
Nowadays, computers, smart phones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to the Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross site scripting, Wordpress, and WPA2 attack were the most popular security attacks and will be further investigated in this paper. Kali Linux provides a great platform and medium in learning various types of exploits and penetration testing. All the simulated attacks will be conducted using Kali Linux installed on a virtual machine in a computer with Intel Core i5 and 8 GB RAM, while the victim’s machine is the host computer which runs Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully.
41

Byzdra, Chrystian, and Grzegorz Kozieł. "Analysis of the defending possibilities against SQL Injection attacks." Journal of Computer Sciences Institute 13 (December 30, 2019): 339–44. http://dx.doi.org/10.35784/jcsi.1329.

Abstract:
The article describes various protection methods of database and types of SQL Injection attacks. These are extremely dangerous attacks because they threaten the confidentiality of sensitive data. In order to analyze in detail protection methods and methods of attacks, simulations of attacks and defence were performed in the following languages: C#, PHP, Java. Based on the simulation results for particular languages, the effectiveness and efficiency of database protection methods were compared.
42

Raghuvanshi, Kamlesh Kumar, and Deen Bandhu Dixit. "Prevention and Detection Techniques for SQL Injection Attacks." International Journal of Computer Trends and Technology 12, no. 3 (June 25, 2014): 107–10. http://dx.doi.org/10.14445/22312803/ijctt-v12p121.

43

Kaur, Manveen. "Token Sequencing Approach to Prevent SQL Injection Attacks." IOSR Journal of Computer Engineering 1, no. 1 (2012): 31–37. http://dx.doi.org/10.9790/0661-0113137.

44

Kaur, Navdeep, and Parminder Kaur. "Mitigation of SQL Injection Attacks using Threat Modeling." ACM SIGSOFT Software Engineering Notes 39, no. 6 (December 9, 2014): 1–6. http://dx.doi.org/10.1145/2674632.2674638.

45

Tiwari, Preshika. "Prevention of SQL Injection Attacks having XML Database." IOSR Journal of Computer Engineering 14, no. 6 (2013): 60–68. http://dx.doi.org/10.9790/0661-1466068.

46

Mitropoulos, Dimitris, and Diomidis Spinellis. "SDriver: Location-specific signatures prevent SQL injection attacks." Computers & Security 28, no. 3-4 (May 2009): 121–29. http://dx.doi.org/10.1016/j.cose.2008.09.005.

47

Jang, Young-Su, and Jin-Young Choi. "Detecting SQL injection attacks using query result size." Computers & Security 44 (July 2014): 104–18. http://dx.doi.org/10.1016/j.cose.2014.04.007.

48

Wan, Min, and Kun Liu. "A Research of the Essence of SQL Injection Attacks Vulnerability." Applied Mechanics and Materials 719-720 (January 2015): 935–40. http://dx.doi.org/10.4028/www.scientific.net/amm.719-720.935.

Abstract:
Semantic Gap problem is the essence of the SQL Injection Attacks vulnerability in Web applications. Web application loses the semantic information while the SQL statement is constructed dynamically. This paper analyzes the cause of the SQLIA vulnerability. And then it analyzes several suggested techniques, such as the filtering techniques and the static analysis, and points out their drawbacks in the SQLIA prevention, which leads to the conclusion that the key problem for the eradication of SQLIA is to solve the semantic gap problem caused by the unstructured SQL statement in the process of constructing a Web system dynamically.
49

Gurina, Anastasia, and Vladimir Eliseev. "Anomaly-Based Method for Detecting Multiple Classes of Network Attacks." Information 10, no. 3 (February 26, 2019): 84. http://dx.doi.org/10.3390/info10030084.

Abstract:
The article discusses the problem of detecting network attacks on a web server. The attention is focused on two common types of attacks: “denial of service” and “code injection”. A review and an analysis of various attack detection techniques are conducted. A new lightweight approach to detect attacks as anomalies is proposed. It is based on recognition of the dynamic response of the web server during requests processing. An autoencoder is implemented for dynamic response anomaly recognition. A case study with the MyBB web server is described. Several flood attacks and SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed.
50

Sheykhkanloo, Naghmeh Moradpoor. "A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks." International Journal of Cyber Warfare and Terrorism 7, no. 2 (April 2017): 16–41. http://dx.doi.org/10.4018/ijcwt.2017040102.

Abstract:
Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.