Dissertations / Theses on the topic 'Sql-injection'

Consult the top 50 dissertations / theses for your research on the topic 'Sql-injection.'


1

Aryal, Dhiraj, and Anup Shakya. "A Taxonomy of SQL Injection Defense Techniques." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3076.

Abstract:
Context: SQL injection attack (SQLIA) poses a serious defense threat to web applications by allowing attackers to gain unhindered access to the underlying databases containing potentially sensitive information. A lot of methods and techniques have been proposed by different researchers and practitioners to mitigate SQL injection problem. However, deploying those methods and techniques without a clear understanding can induce a false sense of security. Classification of such techniques would provide a great assistance to get rid of such false sense of security. Objectives: This paper is focused
2

Bahureková, Beáta. "Technika SQL injection - její metody a způsoby ochrany." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-433304.

Abstract:
SQL injection is a technique directed against web applications using an SQL database, which can pose a huge security risk. It involves inserting code into an SQL database, and this attack exploits vulnerabilities in the database or application layer. The main goal of my thesis is to get acquainted with the essence of SQL injection, to understand the various methods of this attack technique and to show ways to defend against it. The work can be divided into these main parts, which I will discuss as follows. In the introductory part of the work I mention the theoretical basis concerning SQL injec
3

Cetin, Cagri. "Authentication and SQL-Injection Prevention Techniques in Web Applications." Scholar Commons, 2019. https://scholarcommons.usf.edu/etd/7766.

Abstract:
This dissertation addresses the top two “most critical web-application security risks” by combining two high-level contributions. The first high-level contribution introduces and evaluates collaborative authentication, or coauthentication, a single-factor technique in which multiple registered devices work together to authenticate a user. Coauthentication provides security benefits similar to those of multi-factor techniques, such as mitigating theft of any one authentication secret, without some of the inconveniences of multi-factor techniques, such as having to enter passwords or biometrics.
4

Sjöström, Linus. "Detecting SQL Injection Attacks in VoIP using Real-time Deep Packet Inspection : Can a Deep Packet Inspection Firewall Detect SQL Injection Attacks on SIP Traffic with Reasonable Performance?" Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161072.

Abstract:
The use of the Internet has increased over the years, and it is now an integral part of our daily activities, as we often use it for everything from interacting on social media to watching videos online. Phone calls nowadays tend to use Voice over IP (VoIP), rather than the traditional phone networks. As with any other services using the Internet, these calls are vulnerable to attacks. This thesis focuses on one particular attack: SQL injection in the Session Initial Protocol (SIP), where SIP is a popular protocol used within VoIP. To find different types of SQL injection, two classifiers are im
5

Trumble, Brandon. "Using Code Inspection, Code Modification, and Machine Learning to prevent SQL Injection." Thesis, Kutztown University of Pennsylvania, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1590429.

Abstract:
Modern day databases store invaluable information about everyone. This information is assumed to be safe, secure, and confidential. However, as technology has become more widespread, more people are able to abuse and exploit this information for personal gain. While the ideal method to combat this issue is the enhanced education of developers, that still leaves a large amount of time where this information is insecure. This thesis outlines two potential solutions to the problem that SQL Injection presents in the context of databases. The first modifies an existing code base to use saf
6

Uwagbole, Solomon. "A pattern-driven corpus to predictive analytics in mitigating SQL injection attack." Thesis, Edinburgh Napier University, 2018. http://researchrepository.napier.ac.uk/Output/1538260.

Abstract:
The back-end database provides accessible and structured storage for each web application's big data internet web traffic exchanges stemming from cloud-hosted web applications to the Internet of Things (IoT) smart devices in emerging computing. Structured Query Language Injection Attack (SQLIA) remains an intruder's exploit of choice to steal confidential information from the database of vulnerable front-end web applications with potentially damaging security ramifications. Existing solutions to SQLIA still follow the on-premise web applications server hosting concept which were primarily dev
7

Gopali, Gopali. "Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20238.

Abstract:
Injection attacks are the most critical security issue for web applications, and SQL injection (SQLi) attacks are the most reported injection attacks on web applications. In this thesis we have identified the attack techniques used by attackers, and we also give guidelines so that programmers can write web application code securely in order to prevent SQLi attacks. The method applied for the research is a literature study, and we used proof by demonstration to get a clear picture. The first step was to find the coding errors, then to design
8

Pandey, Amit Kumar. "Securing Web Applications From Application-Level Attack." Kent State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=kent1181098075.

9

Norström, Alexander. "Measuring Accurancy of Vulnerability Scanners : An Evaluation with SQL Injections." Thesis, Linköpings universitet, Informationskodning, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-106628.

Abstract:
Web application vulnerabilities of critical are commonly found in web applications. The arguably most problematic class of web application vulnerabilities is SQL injections. SQL injection vulnerabilities can be used to execute commands on the database coupled to the web application, e.g., to extract the web application’s user and passwords data. Black box testing tools are often used (both by system owners and their adversaries) to discover vulnerabilities in a running web application. Hence, how well they perform at discovering SQL injection vulnerabilities is of importance. This thesis des
10

Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Thesis, Paris, ENST, 2012. http://www.theses.fr/2012ENST0024/document.

Abstract:
The internet has become a ubiquitous environment in the world of work and leisure. The ever-growing popularity of web applications and their associated services leads to the execution of many critical transactions, which raise security concerns. Because of this growth, efforts have been made over the last decade to make web applications more secure. Despite these efforts, recent reports from the SANS Institute estimate that more than 60% of attacks carried out on the Internet target web applications by focusing on
11

Lokby, Patrik, and Manfred Jönsson. "Preventing SQL Injections by Hashing the Query Parameter Data." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-14922.

Abstract:
Context. Many applications today use databases to store user information or other data for their applications. This information can be accessed through various different languages depending on what type of database it is. Databases that use SQL can maliciously be exploited with SQL injection attacks. This type of attack involves inserting SQL code in the query parameter. The injected code sent from the client will then be executed on the database. This can lead to unauthorized access to data or other modifications within the database. Objectives. In this study we investigate if a system can be built w
12

Klock, Robert. "Quality of SQL Code Security on StackOverflow and Methods of Prevention." Oberlin College Honors Theses / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=oberlin1625831198110328.

13

Smith, Grant Joseph. "Analysis and Prevention of Code-Injection Attacks on Android OS." Scholar Commons, 2014. https://scholarcommons.usf.edu/etd/5391.

Abstract:
Injection attacks are the top two causes of software errors and vulnerabilities, according to the MITRE Common Vulnerabilities list [1]. This thesis presents a threat analysis of injection attacks on applications built for Android, a popular but not rigorously studied operating system designed for mobile devices. The following thesis is argued: Injection attacks are possible on off-the-shelf Android systems, and such attacks have the capacity to compromise the device through resource denial and leaking private data. Specifically, we demonstrate that injection attacks are possible through the O
14

Shahriar, Hossain. "Mutation-based testing of buffer overflows, SQL injections, and format string bugs." Thesis, Kingston, Ont. : [s.n.], 2008. http://hdl.handle.net/1974/1359.

15

Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Electronic Thesis or Diss., Paris, ENST, 2012. http://www.theses.fr/2012ENST0024.

Abstract:
The internet has become a ubiquitous environment in the world of work and leisure. The ever-growing popularity of web applications and their associated services leads to the execution of many critical transactions, which raise security concerns. Because of this growth, efforts have been made over the last decade to make web applications more secure. Despite these efforts, recent reports from the SANS Institute estimate that more than 60% of attacks carried out on the Internet target web applications by focusing on
16

Wheeler, Ryan. "BlindCanSeeQL: Improved Blind SQL Injection For DB Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6050.

Abstract:
SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.
17

Friberg, Daniel. "WordPress och säkerhet inom tillägg från tredje parter : Skydda mot SQL-injection och Cross Site Scripting. Fallstudie av tre tillägg." Thesis, Karlstads universitet, Handelshögskolan, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-36439.

Abstract:
WordPress is one of the world's most popular content management systems. Because of its high popularity, it attracts attention from individuals and groups who, for various reasons, want to exploit security flaws in websites. The purpose of this thesis is to test the security of various WordPress plugins created by external developers, since these do not undergo any mandatory security review. Data was collected by performing static tests on a few selected plugins. This technique is based on a review and analysis of documents in the form of text, models or code.
18

Matti, Erik. "Evaluation of open source web vulnerability scanners and their techniques used to find SQL injection and cross-site scripting vulnerabilities." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177606.

Abstract:
Both for its simplicity and efficiency to search for the most critical security vulnerabilities that could exist within a web application, a web vulnerability scanner is a popular tool among any company that develops a web application. With the existence of many different scanners that are available to use, one is unlikely the same as the other and the results attained when evaluating these scanners in relation to each other are often not the same. In this thesis, three different open source web vulnerability scanners are evaluated and analysed based on their ability to find SQL injection and
19

Lundberg, Karl Johan. "Investigating the current state of securityfor small sized web applications." Thesis, Linköpings universitet, Databas och informationsteknik, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-89160.

Abstract:
It is not uncommon to read about hacker attacks in the newspaper today. The hackers are targeting governments and enterprises, and motives vary. It may be political or economic reasons, or just to gain reputation. News about smaller systems is, unsurprisingly, not as common. Does this mean that security is less relevant of smaller systems? This report investigates the threat model of smaller web applications, to answer that very question. Different attacks are described in the detail needed for explaining their threat but the intention is not to teach the reader to write secure code. The report
20

Kunwar, Ramesh, and Mustafa Al-Leddawi. "Reviewing Security and Privacy Aspects in Combined Mobile Information System (CMIS) for health care systems." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4649.

Abstract:
Medical area has been benefited by the use of ICT (Information and Communication Technology) in recent days. CMIS (Combined Mobile Information System), our proposed model system, is such a system targeted for health care system. IMIS (Integrated Mobile Information System), a system for diabetic healthcare, which is being developed in Blekinge Institute of Technology will be taken as a case study for our proposed system. CMIS is a multi-role system with core service being medical-care related and others like self-monitoring, journal-writing, communicating with fellow patients, relatives, etc. T
21

Medlín, Dušan. "Nové technologie pro vývoj webových aplikací - Web 2.0." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2008. http://www.nusl.cz/ntk/nusl-217518.

Abstract:
The graduate thesis presents an analysis of the Web 2.0 applications development. It defines the preliminary conditions and describes the technologies used for the creation of these applications, such as the markup languages HTML and XML, style sheet language CSS, transformations language XSLT and scripting language JavaScript. The thesis depicts the security risks and the ways how the application can be protected against the XSS attacks and SQL Injection. Furthermore, it analyses a concept of the system containing features of the Web 2.0 trend, and its implementation in practice. The interne
22

Prelgauskas, Justinas. "Vizitų registravimo sistemos projektavimas ir testavimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080710_150320-49423.

Abstract:
The work described in this document consists of three main parts. In the first, engineering part, we carried out the analysis and design of a visit registration system (hereafter "PharmaCODE"). Here we presented the essential analyses of the business environment, requirements and competitors, as well as the design details. We presented the main architectural decisions. In the second part of the work we described studies of the system's quality using static source code analysis tools and methods. In this part we described which tools we used and presented the main code analysis results. In the third part of the work we delved
23

Linnér, Samuel. "Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2299.

Abstract:
Carrying out a penetration test of a network architecture is complicated, risky and extensive. This report explores how a consultant can best carry out an internal penetration test time-efficiently, without omitting important parts. In an internal penetration test, the consultant is often given access to system documentation in order to get a picture of the network architecture, which eliminates the time it takes to map the entire network manually. This also means that any anomalies in the system documentation can be identified. Communication with the operations staff during the test reduces the risk of
24

Степанов, Андрій В’ячеславович, та Andrii Stepanov. "Удосконалення стандартних методів захисту веб-додатків". Master's thesis, ТНТУ, 2021. http://elartu.tntu.edu.ua/handle/lib/36798.

Abstract:
Improvement of standard methods of web application protection // Master's degree thesis // Stepanov Andrii Viacheslavovych // Ternopil Ivan Puluj National Technical University, Faculty of Computer Information Systems and Software Engineering, Department of Cybersecurity, group СБм-61 // Ternopil, 2021 // pp. 87, figures – 27, tables – , slides – 12, appendices – 1.
The work reviews the literature sources in the research area. It reviews the general state of security and the vulnerabilities of web applications. The process of web application security testing is described. In addition, a review of
25

Nsambu, Emmanuel, and Danish Aziz. "The Defense Against the latest Cyber Espionage both insider and outsider attacks." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16477.

Abstract:
This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers’ online articles. A survey was also conducted at MidSweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a si
26

Panta, Purushottam. "Web Design, Development and Security." Connect to resource online, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1244819478.

27

Regéciová, Dominika. "Aplikace teorie formálních jazyků v oblasti počítačové bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-386008.

Abstract:
Computer security is and will always be a critical area that affects everyone. Despite all the efforts made to build safer systems and test them, however, new vulnerabilities and vulnerabilities are still emerging and creating the impression of tilting at windmills. Partial justification of the current state, but also possible solutions, brings in many respects an extraordinary view of security through formal language theory. Emphasis should be put on a more responsible approach to the recognition and processing of inputs, which are often the gateway to many attacks. In this paper, we will get
28

Whitelaw, Clayton. "Precise Detection of Injection Attacks on Concrete Systems." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6051.

Abstract:
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states tha
29

Plašil, Matouš. "Soubor laboratorních úloh k demonstraci počítačových útoků." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-220402.

Abstract:
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video sam
30

Pavlosek, Václav. "Webová aplikace pro výuku simulací v ns2." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-218090.

Abstract:
There is information to my master's thesis which is called “Web application for NS2 training”. This application works after installation and its source codes are saved on applied CD. It is said about implement Network Simulator 2. It helps to realize simulation of nets and then author inserts information about them into web application. Registered web's visitor has possibility to insert project into application. The project contents information about simulation created in NS2. Web application can also visible detail of possible project which is approved of administrator. Then the visitor can s
31

Holmberg, Daniel, and Victor Nyberg. "Functional and Security Testing of a Mobile Client-Server Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148710.

Abstract:
Today’s massive usage of smartphones has put a high demand on all application developers in the matter of security. For us to be able to keep using all existing and new applications, a process that removes significant security vulnerabilities is essential. To remove these vulnerabilities, the applications have to be tested. In this thesis, we identify six methods for functional and security testing of client-server applications running Android and Python Flask. Regarding functional testing, we implement Espresso testing and RESTful API testing. In regards to the security testing of the system,
32

Kadlubiec, Jakub. "Mobilní systém pro sběr zpětné vazby zákazníků." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236177.

Abstract:
The thesis describes the creation of a mobile system called Huerate for monitoring customer satisfaction and collecting feedback from restaurant visitors. All phases of the system's development are described comprehensively. The first part of the thesis analyses existing solutions and the state of the market. Subsequently, requirements for the system are drawn up on the basis of communication with restaurant owners. Finally, the thesis deals with the design of the system itself, its implementation and its deployment in restaurants. The Huerate system runs as a web application and is available at http://huerate.cz.
33

"A research in SQL injection." 2005. http://library.cuhk.edu.hk/record=b5892623.

Abstract:
Leung Siu Kuen.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.
Includes bibliographical references (leaves 67-68).
Abstracts in English and Chinese.
Abstract
Acknowledgement
Chapter 1 --- Introduction
Chapter 1.1 --- Motivation
Chapter 1.1.1 --- A Story
Chapter 1.2 --- Overview
Chapter 1.2.1 --- Introduction of SQL Injection
Chapter 1.3 --- The importance of SQL Injection
Chapter 1.4 --- Thesis organization
Chapter 2 --- Background
Chapter 2.1 --- Flo
34

蘇學翔. "Exploiting SQL Injection with Semantic Polymorphism." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/tvz4mu.

35

Chen, Bo Han, and 陳柏翰. "Effective Practices For Defending SQL Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/89556774781629620492.

Abstract:
Master's; Chang Gung University; Department of Information Management; 98
When setting up a web server to read from a database, it’s important that the designer check the parameter information being passed from the customer to the webpage. Otherwise, the transmission of this data could create opportunities for assailants to find weaknesses which can be used to attack the system, possibly leading to loss of corporate or customer information. This study proposes the use of the Acunetix Web Vulnerability Scanner, Barracuda Web Application Firewall, and Splunk search engine to search the web server and Barracuda Web Application Firewall log
36

Lee, Jieh-Hua, and 李玠樺. "A Layer-based SQL Injection Prevention System." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/86009733947954214171.

Abstract:
Master's; Ming Chuan University; Department of Information and Communication Engineering, Master's Program; 100
Web applications are the most popular services on the Internet. Many services combine database with web applications to provide the necessary information. Security problems with web applications are increasing with the growth of Internet applications. Malicious users are able to use SQL Injection attacks on vulnerabilities of web applications to obtain information in the database or exploit the system. A layer-based SQL Injection prevention system (LBSIPS) is proposed in this paper to protect the database. SQL commands are collected and classified at the fir
37

Wu, Ko-Chih, and 巫格至. "Automated Exploit Generation for SQL Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/66937924239857964035.

Abstract:
Master's; Taiwan University; Graduate Institute of Electronics Engineering; 98
Automated static analysis tools are widely used today for finding input manipulation vulnerabilities in web applications, such as SQL injection. However, these tools may produce many false positives and these reported vulnerabilities cannot be verified easily. To verify these reported vulnerabilities, concrete attack requests need to be constructed and to be submitted to the target application, just like what hackers or black-box tools will do. Our approach is to send concrete exploits and to inspect SQL queries that are executed at run-time. Thus, it is pos
38

Lu, Chian-Huey, and 盧芊慧. "Web Platform Independent SQL injection Attack Generation." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/43099096080587428778.

Abstract:
Master's; National Chiao Tung University; Institute of Computer Science and Engineering; 102
Internet has been an important communication media for our daily life. Most of us access information and save our personal private data in the database through web applications. However, due to the ignorance of secure programming practice of web programmers, hackers may be able to access or destroy data through potential web vulnerabilities. We developed a web platform independent SQL injection attack generation method to improve our former web attack framework called CRAXweb. The system is able to generate exploit for the target web application automatical
39

Aich, Dibyendu. "Secure Query Processing by Blocking SQL Injection." Thesis, 2009. http://ethesis.nitrkl.ac.in/1504/1/thesis_to_upload.pdf.

Abstract:
With the rise of the Internet, web applications, such as online banking and web-based email the web services as an instant means of information dissemination and various other transactions has essentially made them a key component of today’s Internet infrastructure. Web-based systems consist of both infrastructure components and of application specific code. But there are many reports on intrusion from external hacker which compromised the back end database system, so we introduce briefly the key concepts and problems of information security and we present the major role that SQL Injection is
40

Sarangi, A., and S. Panchamukhi. "Blocking SQL Injection in Database Stored Procedures." Thesis, 2010. http://ethesis.nitrkl.ac.in/1703/1/Blocking_sql_injection_in_database_stored_procedures.pdf.

Abstract:
This thesis contains a summary of all the work that has been done by us for the B-Tech project in the academic session of 2009-2010. The area chosen for the project was SQL Injection attacks and methods to prevent them, and this thesis goes on to describe four proposed models to block SQL Injection, all of them obtained from published research papers. It then gives the details of the implementation of the model “SQL Injection prevention in database stored procedures” as proposed by K. Muthuprasanna et al, which describes a technique to prevent injections attacks occurring due to dynamic SQL st
41

Chia, Bernard, and 謝孟峰. "Web Forensic: Evidence of SQL Injection Attack Analysis." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/81060912022228427261.

Abstract:
Master's thesis, National Taipei University, Department of Computer Science and Information Engineering, 102. In the WEB 2.0 generation, web attack has become a common issue and is widely used by intruders to exploit and access a system without any authorization. According to a survey from OWASP (Open Web Application Security Project), SQL injection attack (SQLIA) is placed first in the OWASP 2013 top 10 list of cyber threats that is faced by the web service. SQLIA is a technique of inserting SQL meta-characters and commands into web-based input fields to change the original meaning of the SQL queries in order to manipulate the execution of the malicious SQL querie
42

Pieš, Martin. "Systém pro detekci napadení databáze metodou "SQL injection"." Master's thesis, 2010. http://www.nusl.cz/ntk/nusl-286260.

43

Lin, Che-Chia, and 林哲嘉. "Design and Implementation of SQL Injection Penetration System." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/95134447354413560501.

Abstract:
Master's thesis, National Chung Cheng University, Graduate Institute of Communications Engineering, 101. More and more public web sites contain personal private data and usually store them in an associated database. Web site security becomes more important day by day, because once the web site has been compromised numerous private data potentially leak out, threatening personal privacy. According to Open Web Application Security Project (OWASP) 2013 research, the injection is the first threat of the top 10. Injections contain SQL injection, OS injection and LDAP injection, where the SQL injection is the most threatening among them. This research proposed a penetrat
44

Thomas, Stephen M. "Using automated fix generation to mitigate SQL injection vulnerabilities." 2007. http://www.lib.ncsu.edu/theses/available/etd-11062007-151028/unrestricted/etd.pdf.

45

Migli, Roberto, and 馬若權. "A fast, multi-platform method to detect SQL Injection Attacks." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/66902532536363882776.

Abstract:
Master's thesis, National Taiwan University of Science and Technology, Department of Computer Science and Information Engineering, 97. In these years SQL injection attacks became a major threat for both small and large web sites. This special kind of injection attack exploits vulnerabilities in the web applications that interact with a backend database. In this paper we analyze the SQL injection attack patterns and the previously proposed defense methods. We found that most of the existing researches are able to detect most of the attacks, but they do not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. The proposed met
46

Bento, Pedro Ricardo Saraiva. "Assessing Web Services Robustness and Security Using Malicious Data Injection." Master's thesis, 2015. http://hdl.handle.net/10316/35521.

Abstract:
Master's dissertation in Informatics Engineering presented to the Faculty of Sciences and Technology of the University of Coimbra. Web Services technology makes it possible to connect applications created on different platforms, and has achieved great popularity. In recent years, the use of this technology has increased considerably, not only in support of business-critical environments, but also in environments where the robustness and security of the services is vital. In these environments, the presence of a robustness problem or a security vulnerability can translate into losses at the financial level and/or in
47

Wu, Ching-Ju, and 吳靜茹. "A Defense against SQL Injection Attack through Validation on Input Legitimacy." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/44317375982863901114.

Abstract:
Master's thesis, Chung Yuan Christian University, Graduate Institute of Computer Science and Information Engineering, 97. The development of Web 2.0 brings in the prevalence of web application services based on database support. Along with the increasing interaction with database, web application service programs become complicated, which makes it difficult to guarantee that SQL query constructed using user input is safe to database. Therefore, an effective defense mechanism against SQL injection attack from malicious user is important to the safe use of the valuable content in the database. In this thesis, a novel defense scheme is proposed. Before a web application service prog
48

Huang, Hao-lun, and 黃浩倫. "TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/79047244359095359380.

Abstract:
Master's thesis, National Central University, Graduate Institute of Computer Science and Information Engineering, 98. Web-based applications have become the major means of providing services by web servers and databases. These applications are the frequent target for attacks because the databases underlying Web applications often contain private information (e.g., user accounts and financial records). In particular, SQL injection attacks, a class of injection flaw in which specially crafted input strings lead to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the queries
49

Lai, Shu Mei, and 賴淑美. "Preventing SQL Injection Attacks Using the Field Attributes of User Input." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/72087296479960095398.

Abstract:
Master's thesis, National Chengchi University, Department of Computer Science, 97. With the dynamic development of network application and the increasing population of using internet, providing customer service and making business through network has been a prevalent trend recently. However, the risk appears with this trend. In a borderless net world, threats come from all directions. With the progress of information technology, the technique of network attack becomes timeless and widespread. It seems that defense methods have to develop against these attack techniques. But the root of all should regress on the original program design – che
50

YANG, SHENG-CHUAN, and 楊勝全. "Research on Constructing SQL Injection Defending System Based on Knowledge Base." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/f3a6qw.

Abstract:
Master's thesis, Chinese Culture University, Department of Information Management, 106. A rapid development of network technology promotes web application widely applied. The combination of web application and database makes system more complicated than before. Besides, it is hard to confirm the security of database access request by users. Therefore, we need a defense mechanism which can effectively block the SQL injection for database by malicious users. In this thesis, we propose a defense mechanism different from those of other scholars. With our method, we can defend both single attack and multiple query attack. Before executing databa