To see the other types of publications on this topic, follow the link: Sql-injection.
Dissertations / Theses on the topic 'Sql-injection'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Sql-injection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Aryal, Dhiraj, and Anup Shakya. "A Taxonomy of SQL Injection Defense Techniques." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3076.
Full textAbstract:
Context: SQL injection attack (SQLIA) poses a serious defense threat to web applications by allowing attackers to gain unhindered access to the underlying databases containing potentially sensitive information. A lot of methods and techniques have been proposed by different researchers and practitioners to mitigate SQL injection problem. However, deploying those methods and techniques without a clear understanding can induce a false sense of security. Classification of such techniques would provide a great assistance to get rid of such false sense of security. Objectives: This paper is focused on classification of such techniques by building taxonomy of SQL injection defense techniques. Methods: Systematic literature review (SLR) is conducted using five reputed and familiar e-databases; IEEE, ACM, Engineering Village (Inspec/Compendex), ISI web of science and Scopus. Results: 61 defense techniques are found and based on these techniques, a taxonomy of SQL injection defense techniques is built. Our taxonomy consists of various dimensions which can be grouped under two higher order terms; detection method and evaluation criteria. Conclusion: The taxonomy provides a basis for comparison among different defense techniques. Organization(s) can use our taxonomy to choose suitable owns depending on their available resources and environments. Moreover, this classification can lead towards a number of future research directions in the field of SQL injection.0760880470, 0700183408
2
Bahureková, Beáta. "Technika SQL injection - její metody a způsoby ochrany." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-433304.
Full textAbstract:
SQL injection is a technique directed against web applications using an SQL database, which can pose a huge security risk. It involves inserting code into an SQL database, and this attack exploits vulnerabilities in the database or application layer. The main goal of my thesis is to get acquainted with the essence of SQL injection, to understand the various methods of this attack technique and to show ways to defend against it. The work can be divided into these main parts, which I will discuss as follows.In the introductory part of the work I mention the theoretical basis concerning SQL injection issues. The next chapter is focused on individual methods of this technique. The analytical part is devoted to mapping the current state of test subjects, scanning tools, which form the basis for optimal research and testing of individual SQL methods, which are discussed in this part from a practical point of view along with the analysis of commands. In the last part I will implement SQL methods on selected subjects and based on the outputs I will create a universal design solution how to defend against such attacks.
3
Cetin, Cagri. "Authentication and SQL-Injection Prevention Techniques in Web Applications." Scholar Commons, 2019. https://scholarcommons.usf.edu/etd/7766.
Full textAbstract:
This dissertation addresses the top two “most critical web-application security risks” by combining two high-level contributions.
The first high-level contribution introduces and evaluates collaborative authentication, or coauthentication, a single-factor technique in which multiple registered devices work together to authenticate a user. Coauthentication provides security benefits similar to those of multi-factor techniques, such as mitigating theft of any one authentication secret, without some of the inconveniences of multi-factor techniques, such as having to enter passwords or biometrics. Coauthentication provides additional security benefits, including: preventing phishing, replay, and man-in-the-middle attacks; basing authentications on high-entropy secrets that can be generated and updated automatically; and availability protections against, for example, device misplacement and denial-of-service attacks. Coauthentication is amenable to many applications, including m-out-of-n, continuous, group, shared-device, and anonymous authentications. The principal security properties of coauthentication have been formally verified in ProVerif, and implementations have performed efficiently compared to password-based authentication.
The second high-level contribution defines a class of SQL-injection attacks that are based on injecting identifiers, such as table and column names, into SQL statements. An automated analysis of GitHub shows that 15.7% of 120,412 posted Java source files contain code vulnerable to SQL-Identifier Injection Attacks (SQL-IDIAs). We have manually verified that some of the 18,939 Java files identified during the automated analysis are indeed vulnerable to SQL-IDIAs, including deployed Electronic Medical Record software for which SQL-IDIAs enable discovery of confidential patient information. Although prepared statements are the standard defense against SQL injection attacks, existing prepared-statement APIs do not protect against SQL-IDIAs. This dissertation therefore proposes and evaluates an extended prepared-statement API to protect against SQL-IDIAs.
4
Sjöström, Linus. "Detecting SQL Injection Attacks in VoIP using Real-time Deep Packet Inspection : Can a Deep Packet Inspection Firewall Detect SQL Injection Attacks on SIP Traffic with Reasonable Performance?" Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161072.
Full textAbstract:
The use of the Internet has increased over the years, and it is now an integral part of our daily activities, as we often use it for everything from interacting on social media to watching videos online. Phone calls nowadays tend to use Voice over IP (VoIP), rather than the traditional phone networks. As with any other services using the Internet, these calls are vulnerable to attacks. This thesis focus on one particular attack: SQL injection in the Session Initial Protocol (SIP), where SIP is a popular protocol used within VoIP. To find different types of SQL injection, two classifiers are implemented to either classify SIP packets as "valid data" or "SQL injection". The first classifier uses regex to find SQL meta-characters in headers of interest. The second classifier uses naive Bayes with a training data set to classify. These two classifiers are then compared in terms of classification throughput, speed, and accuracy. To evaluate the performance impact of packet sizes and to better understand the classifiers resiliance against an attacker introducing large packets, a test with increasing packet sizes is also presented. The regex classifier is then implemented in a Deep Package Inspection (DPI) open-source implementation, nDPI, before being evaluated with regards to both throughput and accuracy. The result are in favor of the regex classifier as it had better accuracy and higher classification throughput. Yet, the naive Bayes classifier works better for new types of SQL injection that we do not know. It therefore argues that the best choice depends on the scenario; both classifiers have their strengths and weakness!
5
Trumble, Brandon. "Using Code Inspection, Code Modification, and Machine Learning to prevent SQL Injection." Thesis, Kutztown University of Pennsylvania, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1590429.
Full textAbstract:
Modern day databases store invaluable information about everyone. This information is assumed to be safe, secure, and confidential. However, as technology has become more widespread, more people are able to abuse and exploit this information for personal gain. While the ideal method to combat this issue is the enhanced education of developers, that still leaves a large amount of time where this information is insecure. This thesis outlines two potential solutions to the problem that SQL Injection presents in the context of databases. The first modifies an existing code base to use safe prepared statements rather than unsafe standard queries. The second is a neural network application that sits between the user-facing part of a web application and the application itself. The neural network is designed to analyze data being submitted by a user and detect attempts at SQL injection.
6
Uwagbole, Solomon. "A pattern-driven corpus to predictive analytics in mitigating SQL injection attack." Thesis, Edinburgh Napier University, 2018. http://researchrepository.napier.ac.uk/Output/1538260.
Full textAbstract:
The back-end database provides accessible and structured storage for each web application's big data internet web traffic exchanges stemming from cloud-hosted web applications to the Internet of Things (IoT) smart devices in emerging computing. Structured Query Language Injection Attack (SQLIA) remains an intruder's exploit of choice to steal confidential information from the database of vulnerable front-end web applications with potentially damaging security ramifications. Existing solutions to SQLIA still follows the on-premise web applications server hosting concept which were primarily developed before the recent challenges of the big data mining and as such lack the functionality and ability to cope with new attack signatures concealed in a large volume of web requests. Also, most organisations' databases and services infrastructure no longer reside on-premise as internet cloud-hosted applications and services are increasingly used which limit existing Structured Query Language Injection (SQLI) detection and prevention approaches that rely on source code scanning. A bio-inspired approach such as Machine Learning (ML) predictive analytics provides functional and scalable mining for big data in the detection and prevention of SQLI in intercepting large volumes of web requests. Unfortunately, lack of availability of robust ready-made data set with patterns and historical data items to train a classifier are issues well known in SQLIA research applying ML in the field of Artificial Intelligence (AI). The purpose-built competition-driven test case data sets are antiquated and not pattern-driven to train a classifier for real-world application. Also, the web application types are so diverse to have an all-purpose generic data set for ML SQLIA mitigation. This thesis addresses the lack of pattern-driven data set by deriving one to predict SQLIA of any size and proposing a technique to obtain a data set on the fly and break the circle of relying on few outdated competitions-driven data sets which exist are not meant to benchmark real-world SQLIA mitigation. The thesis in its contributions derived pattern-driven data set of related member strings that are used in training a supervised learning model with validation through Receiver Operating Characteristic (ROC) curve and Confusion Matrix (CM) with results of low false positives and negatives. We further the evaluations with cross-validation to have obtained a low variance in accuracy that indicates of a successful trained model using the derived pattern-driven data set capable of generalisation of unknown data in the real-world with reduced biases. Also, we demonstrated a proof of concept with a test application by implementing an ML Predictive Analytics to SQLIA detection and prevention using this pattern-driven data set in a test web application. We observed in the experiments carried out in the course of this thesis, a data set of related member strings can be generated from a web expected input data and SQL tokens, including known SQLI signatures. The data set extraction ontology proposed in this thesis for applied ML in SQLIA mitigation in the context of emerging computing of big data internet, and cloud-hosted services set our proposal apart from existing approaches that were mostly on-premise source code scanning and queries structure comparisons of some sort.
7
Gopali, Gopali. "Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20238.
Full textAbstract:
Injektionsattack är den mest kritiska säkerhetsapplikationen för webbapplikationer, och SQL-injektion (SQLi) -attack är den mest rapporterade injektionsattacken på webbapplikationer. I denna avhandling har vi identifierat angreppsteknikerna som används av angripare och vi ger också riktlinjer så att programmerarna kan skriva webbapplikationskoder på ett säkert sätt för att förhindra SQLi-attackerna.Metoden som tillämpas för forskningen är litteraturstudie och vi använde vägen bevis genom demonstration för att få den tydliga bilden. Det första steget var att ta reda på kodningsfelen, då utformade vi riktlinjer som kan hjälpa till att skydda webbapplikationer från SQLi-attacker. Denna avhandling kommer att hjälpa programmerarna att förstå de olika kodningsbristerna och hur dessa kodningsfel kan förhindras och för detta har vi använt bevis genom demonstration. Denna avhandling kommer också att bidra till den allmänna medvetenheten om SQLi-attacker, attacker och riktlinjer för programmerare som designar, utvecklar och testar webbapplikationer.Injection attack is the most critical web application security risk, and SQL-injection (SQLi) attack is the most reported injection attack on web applications. In this thesis, we have identified the attacking techniques used by attackers and we are also providing guidelines so that the programmers can write web application code in a secure way, to prevent the SQLi attacks.The methodology applied for the research is literature study and we used the way proof by demonstration to get the clear picture. The first step was to find out the coding flaws, then we designed guidelines that can help to protect web applications from SQLi attacks. This thesis will help the programmers to understand the various coding flaws and how those coding flaws can be prevented and for this, we have used proof by demonstration. This thesis will also contribute to the general awareness of SQLi attacks, attack types and guidelines for the programmers who are designing, developing and testing web applications.
8
Pandey, Amit Kumar. "Securing Web Applications From Application-Level Attack." Kent State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=kent1181098075.
Full text
9
Norström, Alexander. "Measuring Accurancy of Vulnerability Scanners : An Evaluation with SQL Injections." Thesis, Linköpings universitet, Informationskodning, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-106628.
Full textAbstract:
Web application vulnerabilities of critical are commonly found in web applications. The arguably most problematic class of web application vulnerabilities is SQL injections. SQL injection vulnerabilities can be used to execute commands on the database coupled to the web application, e.g., to extract the web application’s user and passwords data. Black box testing tools are often used (both by system owners and their adversaries) to discover vul- nerabilities in a running web application. Hence, how well they perform at discovering SQL injection vulnerabilities is of importance. This thesis describes an experiment assessing de- tection capability for different SQL injection vulnerabilities under different conditions. In the experiment the following is varied: SQL injection vulnerability (17 instances allowing tautologies, piggy-backed queries, and logically incorrect queries), scanners (four products), exploitability (three levels), input vector (POST/GET), and time investment (three levels). The number of vulnerabilities detected is largely determined by the choice of scanner (30% to 77%) and the input vector (71% or 38%). The interaction between the scanner and input vector is substantial since two scanners cannot handle the POST-vector at all. Substantial differences are also found between how well different SQL injection vulnerabilities are de- tected and the more exploitable variants are detected more often, as expected. The impact of time spent with the scan interacts with the scanner - some scanners required considerable time to configure and other did not – and as a consequence the relationship between time investments to detection capabilities is non-trivial.
10
Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Thesis, Paris, ENST, 2012. http://www.theses.fr/2012ENST0024/document.
Full textAbstract:
L'internet est devenu un environnement omniprésent dans le monde du travail et du loisir. La popularité sans cesse croissante des applications web ainsi que des services associés entraînent l'exécution de nombreuses transactions critiques, qui soulèvent des questions de sécurité. Du fait de cette croissance, des efforts ont été entrepris durant cette dernière décennie pour rendre les applications web plus sûres. Malgré ces efforts, de récents rapports provenant de l'institut SANS estiment que plus de 60 % des attaques commises sur l'Internet ciblent les applications web en se concentrant sur les vulnérabilités inhérentes aux problèmes de validation, comme le Cross-Site Scripting ou les injections SQL. Dans cette thèse, nous avons conduit deux études de recherche empirique, analysant un grand nombre d'application web vulnérables. Nous avons assemblé une base de données contenant plus de 10.000 rapports de vulnérabilités depuis l'an 2000. Ensuite, nous avons analysé ces données pour déterminer si les développeurs ont pris conscience des problématiques de sécurité web de nos jours, comparé à la période où ces applications émergeaient. Puis nous avons analysé l'étroit lien entre le langage de programmation utilisé pour développer l'application web et le nombre de vulnérabilité reporté. Avec ces résultats empiriques comme base, nous présentons notre solution IPAAS qui aide les développeurs novice en termes de sécurité à écrire des applications sécurisées par défaut. Nous montrons par ailleurs que cette technique améliore de manière probante la sécurité des applications webThe web has become a backbone of our industry and daily life. The growing popularity of web applications and services and the increasing number of critical transactions being performed, has raised security concerns. For this reason, much effort has been spent over the past decade to make web applications more secure. Despite these efforts, recent data from SANS institute estimates that up to 60% of Internet attacks target web applications and critical vulnerabilities such as cross-site scripting and SQL injection are still very common. In this thesis, we conduct two empirical studies on a large number of web applications vulnerabilities with the aim of gaining deeper insights in how input validation flaws have evolved in the past decade and how these common vulnerabilities can be prevented. Our results suggest that the complexity of the attacks have not changed significantly and that many web problems are still simple in nature. Our studies also show that most SQL injection and a significant number of cross-site scripting vulnerabilities can be prevented using straight-forward validation mechanisms based on common data types. With these empirical results as foundation, we present IPAAS which helps developers that are unaware of security issues to write more secure web applications than they otherwise would do. It includes a novel technique for preventing the exploitation of cross-site scripting and SQL injection vulnerabilities based on automated data type detection of input parameters. We show that this technique results in significant and tangible security improvements for real web applications
11
Lokby, Patrik, and Manfred Jönsson. "Preventing SQL Injections by Hashing the Query Parameter Data." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-14922.
Full textAbstract:
Context. Many applications today use databases to store user informationor other data for their applications. This information can beaccessed through various different languages depending on what typeof database it is. Databases that use SQL can maliciously be exploitedwith SQL injection attacks. This type of attack involves inserting SQLcode in the query parameter. The injected code sent from the clientwill then be executed on the database. This can lead to unauthorizedaccess to data or other modifications within the database. Objectives. In this study we investigate if a system can be builtwhich prevents SQL injection attacks from succeeding on web applicationsthat is connected with a MySQL database. In the intendedmodel, a proxy is placed between the web server and the database.The purpose of the proxy is to hash the SQL query parameter dataand remove any characters that the database will interpret as commentsyntax. By processing each query before it reaches its destination webelieve we can prevent vulnerable SQL injection points from being exploited. Methods. A literary study is conducted the gain the knowledgeneeded to accomplish the objectives for this thesis. A proxy is developedand tested within a system containing a web server and database.The tests are analyzed to arrive at a conclusion that answers ours researchquestions. Results. Six tests are conducted which includes detection of vulnerableSQL injection points and the delay difference on the system withand without the proxy. The result is presented and analyzed in thethesis. Conclusions. We conclude that the proxy prevents SQL injectionpoints to be vulnerable on the web application. Vulnerable SQL injectionpoints is still reported even with the proxy deployed in thesystem. The web server is able to process more http requests that requiresa database query when the proxy is not used within the system.More studies are required since there is still vulnerable SQL injectionspoints.
12
Klock, Robert. "Quality of SQL Code Security on StackOverflow and Methods of Prevention." Oberlin College Honors Theses / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=oberlin1625831198110328.
Full text
13
Smith, Grant Joseph. "Analysis and Prevention of Code-Injection Attacks on Android OS." Scholar Commons, 2014. https://scholarcommons.usf.edu/etd/5391.
Full textAbstract:
Injection attacks are the top two causes of software errors and vulnerabilities, according to the MITRE Common Vulnerabilities list [1]. This thesis presents a threat analysis of injection attacks on applications built for Android, a popular but not rigorously studied operating system designed for mobile devices. The following thesis is argued: Injection attacks are possible on off-the-shelf Android systems, and such attacks have the capacity to compromise the device through resource denial and leaking private data. Specifically, we demonstrate that injection attacks are possible through the OS shell and through the SQLite API. To mitigate these attacks, we augment the Android OS with a taint-tracking mechanism to monitor the flow of untrusted character strings through application execution. We use this taint information to implement a mechanism to detect and prevent these injection attacks. A good denition of an attack being critical to preventing it, our mechanism is based on Ray and Ligatti's formalized “NIE" property, which states that untrusted inputs must only insert or expand noncode tokens in output programs. If this property is violated, an injection attack has occurred. This definition's detection algorithm, in combination with our taint tracker, allow our mechanism to defend against these attacks.
14
Shahriar, Hossain. "Mutation-based testing of buffer overflows, SQL injections, and format string bugs." Thesis, Kingston, Ont. : [s.n.], 2008. http://hdl.handle.net/1974/1359.
Full text
15
Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Electronic Thesis or Diss., Paris, ENST, 2012. http://www.theses.fr/2012ENST0024.
Full textAbstract:
L'internet est devenu un environnement omniprésent dans le monde du travail et du loisir. La popularité sans cesse croissante des applications web ainsi que des services associés entraînent l'exécution de nombreuses transactions critiques, qui soulèvent des questions de sécurité. Du fait de cette croissance, des efforts ont été entrepris durant cette dernière décennie pour rendre les applications web plus sûres. Malgré ces efforts, de récents rapports provenant de l'institut SANS estiment que plus de 60 % des attaques commises sur l'Internet ciblent les applications web en se concentrant sur les vulnérabilités inhérentes aux problèmes de validation, comme le Cross-Site Scripting ou les injections SQL. Dans cette thèse, nous avons conduit deux études de recherche empirique, analysant un grand nombre d'application web vulnérables. Nous avons assemblé une base de données contenant plus de 10.000 rapports de vulnérabilités depuis l'an 2000. Ensuite, nous avons analysé ces données pour déterminer si les développeurs ont pris conscience des problématiques de sécurité web de nos jours, comparé à la période où ces applications émergeaient. Puis nous avons analysé l'étroit lien entre le langage de programmation utilisé pour développer l'application web et le nombre de vulnérabilité reporté. Avec ces résultats empiriques comme base, nous présentons notre solution IPAAS qui aide les développeurs novice en termes de sécurité à écrire des applications sécurisées par défaut. Nous montrons par ailleurs que cette technique améliore de manière probante la sécurité des applications webThe web has become a backbone of our industry and daily life. The growing popularity of web applications and services and the increasing number of critical transactions being performed, has raised security concerns. For this reason, much effort has been spent over the past decade to make web applications more secure. Despite these efforts, recent data from SANS institute estimates that up to 60% of Internet attacks target web applications and critical vulnerabilities such as cross-site scripting and SQL injection are still very common. In this thesis, we conduct two empirical studies on a large number of web applications vulnerabilities with the aim of gaining deeper insights in how input validation flaws have evolved in the past decade and how these common vulnerabilities can be prevented. Our results suggest that the complexity of the attacks have not changed significantly and that many web problems are still simple in nature. Our studies also show that most SQL injection and a significant number of cross-site scripting vulnerabilities can be prevented using straight-forward validation mechanisms based on common data types. With these empirical results as foundation, we present IPAAS which helps developers that are unaware of security issues to write more secure web applications than they otherwise would do. It includes a novel technique for preventing the exploitation of cross-site scripting and SQL injection vulnerabilities based on automated data type detection of input parameters. We show that this technique results in significant and tangible security improvements for real web applications
16
Wheeler, Ryan. "BlindCanSeeQL: Improved Blind SQL Injection For DB Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6050.
Full textAbstract:
SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.
17
Friberg, Daniel. "WordPress och säkerhet inom tillägg från tredje parter : Skydda mot SQL-injection och Cross Site Scripting. Fallstudie av tre tillägg." Thesis, Karlstads universitet, Handelshögskolan, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-36439.
Full textAbstract:
WordPress är ett av världens mest populära Content Management System. Eftersom det har en hög popularitet drar det till sig uppmärksamhet från personer och grupper som av olika anledningar vill utnyttja säkerhetsbrister på webbsidor. Syftet med denna uppsats är att testa säkerheten i olika tillägg till WordPress som externa utvecklare skapat eftersom dessa inte genomgår någon obligatorisk säkerhetskontroll. Insamlingen av data skedde via ett utförande av statiska tester på några utvalda tillägg. Denna teknik grundar sig i en granskning och analys av dokument i form av text, modeller eller kod. Genom en granskning av olika tillägg undersöktes hur utvecklarna sköter säkerhet, validering och sanitering av data som skickas med kontaktformulär. Data samlades också genom att genomföra dynamiska tester som utförde attacker med SQLl injection och XSS (cross-site scripting) med hjälp av två penetrationstestningsverktyg. WordPress och PHP, det språk som WordPress till stor del är byggt i, tillhandahåller en mängd funktioner och metoder för att säkra data som skickas med formulär. Utvecklarna av tilläggen använder dessa väl och testerna på både de statiska och dynamiska testerna visade inte några säkerhetsbrister i något av tilläggen.
18
Matti, Erik. "Evaluation of open source web vulnerability scanners and their techniques used to find SQL injection and cross-site scripting vulnerabilities." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177606.
Full textAbstract:
Both for its simplicity and efficiency to search for the most critical security vulnerabilities that could exist within a web application, a web vulnerability scanner is a popular tool among any company that develops a web application. With the existence of many different scanners that are available to use, one is unlikely the same as the other and the results attained when evaluating these scanners in relation to each other are often not the same. In this thesis, three different open source web vulnerability scanners are evaluated and analysed based on their ability to find SQL injection and cross-site scripting vulnerabilities. The scanners were used on several open source deliberately broken web applications that acted as benchmarks. The benchmarks that caused much diversity in the results from the scanners were further investigated. When analysing the scanners based on the results, both the actual results were analysed on what caused the diversity but most of all the source code of the scanners were explored and investigated. It could be found that the techniques used by the scanners were essentially similar but contained several minor differences that caused the diversity in the results. Most differences were dependant on the variation of the predefined payloads injected by the scanners, but it could also be found that the approaches used to determine if a vulnerability was detected or not could vary as well. The finalised result concluded in a report that reveals and demonstrates the different approaches that any web vulnerability scanner could use and the limitations of them.
19
Lundberg, Karl Johan. "Investigating the current state of securityfor small sized web applications." Thesis, Linköpings universitet, Databas och informationsteknik, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-89160.
Full textAbstract:
It is not uncommon to read about hacker attacks in the newspaper today. The hackers are targeting governments and enterprises, and motives vary. It may be political or economic reasons, or just to gain reputation. News about smaller systems is, unsurprisingly, not as common. Does this mean that security is less relevant of smaller systems? This report investigates the threat model of smaller web applications, to answer that very question.Different attacks are described in the detail needed for explaining their threat but the intention is not to teach the reader to write secure code. The report does, however, provide the reader with a rich source of references for that purpose. After describing some of the worst threats, the general cloud threat model is analyzed. This is followed by a practical analysis of a cloud system, and the report is closed with general strategies for countering threats.The severe destruction that a successful attack may cause and the high prevalence of those attacks motivates some security practices to be performed whenever software is produced. Attacks against smaller companies are more common now than ever before
20
Kunwar, Ramesh, and Mustafa Al-Leddawi. "Reviewing Security and Privacy Aspects in Combined Mobile Information System (CMIS) for health care systems." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4649.
Full textAbstract:
Medical area has been benefited by the use of ICT (Information and Communication Technology) in recent days. CMIS (Combined Mobile Information System), our proposed model system, is such a system targeted for health care system. IMIS (Integrated Mobile Information System), a system for diabetic healthcare, which is being developed in Blekinge Institute of Technology will be taken as a case study for our proposed system. CMIS is a multi-role system with core service being medical-care related and others like self-monitoring, journal-writing, communicating with fellow patients, relatives, etc. The main reason for not using CMIS could be the security and privacy of the users' information. Any system connected to Internet is always prone to attack, and we think CMIS is no exception. The security and privacy is even more important considering the legal and ethical issues of the sensitive medical data. The CMIS system can be accessed through PDA (Personal Digital Assistant), smart phones or computer via Internet using GPRS (General Packet Radio Service)/UMTS (Universal Mobile Telecommunication System) and wired-communication respectively. On the other hand, it also increases the burden for security and privacy, related to the use of such communications. This thesis discusses various security and privacy issues arising from the use of mobile communication and wired communication in context of CMIS i.e., issues related to GPRS (mobile) and web application (using wired communication). Along with the threats and vulnerabilities, possible countermeasures are also discussed. This thesis also discusses the prospect of using MP2P (Mobile Peer-to-Peer) as a service for some services (for example, instant messaging system between patients) in CMIS. However, our main concern is to study MP2P feasibility with prospect to privacy. In this thesis, we have tried to identify various security and privacy threats and vulnerabilities CMIS could face, security services required to be achieved and countermeasure against those threats and vulnerabilities. In order to accomplish the goal, a literature survey was carried out to find potential vulnerabilities and threats and their solution for our proposed system. We found out that XSS (cross-site scripting), SQL injection and DoS attack being common for a web application. We also found that attack against mobile communication is relatively complex thus difficult to materialize. In short, we think that an overall planned security approach (routinely testing system for vulnerabilities, applying patches, etc) should be used to keep threats and attacks at bay.
21
Medlín, Dušan. "Nové technologie pro vývoj webových aplikací - Web 2.0." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2008. http://www.nusl.cz/ntk/nusl-217518.
Full textAbstract:
The graduate thesis presents an analysis of the Web 2.0 applications developement. It defines the preliminary conditions and describes the technologies used for the creation of these applications, such as the markup languages HTML and XML, style sheet language CSS, tranfortmations language XSLT and scripting language JavaScript. The thesis depicts the security risks and the ways how the application can be protected against the XSS attacks and SQL Injection. Furthermore, it analyses a concept of the system containing features of the Web 2.0 trend, and its implementation in practice. The internet portal enabling all registered users to share information with the others, will be the result. Files can be uploaded, and maps and videos can be inserted into the system.
22
Prelgauskas, Justinas. "Vizitų registravimo sistemos projektavimas ir testavimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080710_150320-49423.
Full textAbstract:
Šiame dokumente aprašytas darbas susideda ir trijų pagrindinių dalių. Pirmojoje, inžinerinėje dalyje atlikome vizitų registravimo sistemos (toliau - „PharmaCODE“) analizę ir projektavimą. Čia pateikėme esmines verslo aplinkos, reikalavimų ir konkurentų analizės, o taipogi ir projektavimo detales. Pateikėme pagrindinius architektūrinius sprendimus. Antrojoje darbo dalyje aprašėme sistemos kokybės tyrimus, naudojant statinės išeities kodų analizės įrankius ir metodus. Šioje dalyje aprašėme kokius įrankius naudojome ir pateikėme pagrindinius kodo analizės rezultatus. Trečiojoje darbo dalyje gilinomės į išeities tekstų analizės metodus ir įrankius, sukūrėme patobulintą analizės taisyklę. Mūsų taisyklės pagalba pavyko aptikti daugiau potencialių SQL-įterpinių saugumo spragų nei aptiko jos pirmtakė – Microsoft projektuota kodo analizės taisyklė.This work consists of three major parts. First – engineering part – is analysis and design of call reporting system (codename – “PharmaCODE”). We will provide main details of business analysis and design decisions. Second part is all about testing and ensuring system quality, mainly by means of static source code analysis tools & methods. We will describe tools being used and provide main results of source code analysis in this part. And finally, in the third part of this we go deeper into static source code analysis and try to improve one of analysis rules. These days, when there is plenty of evolving web-based applications, security is gaining more and more impact. Most of those systems have, and depend on, back-end databases. However, web-based applications are vulnerable to SQL-injection attacks. In this paper we present technique of solving this problem using secure-coding guidelines and .NET Framework’s static code analysis methods for enforcing those guidelines. This approach lets developers discover vulnerabilities in their code early in development process. We provide a research and realization of improved code analysis rule, which can automatically discover SQL-injection vulnerabilities in MSIL code.
23
Linnér, Samuel. "Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2299.
Full textAbstract:
Att genomföra ett penetrationstest av en nätverksarkitektur är komplicerat, riskfyllt och omfattande. Denna rapport utforskar hur en konsult bäst genomför ett internt penetrationstest tidseffektivt, utan att utelämna viktiga delar. I ett internt penetrationstest får konsulten ofta ta del av systemdokumentation för att skaffa sig en bild av nätverksarkitekturen, på så sätt elimineras den tid det tar att kartlägga hela nätverket manuellt. Detta medför även att eventuella anomalier i systemdokumentationen kan identifieras. Kommunikation med driftansvariga under testets gång minskar risken för missförstånd och systemkrascher. Om allvarliga sårbarheter identifieras meddelas driftpersonalen omgå-ende. Ett annat sätt att effektivisera testet är att skippa tidskrävande uppgifter som kommer att lyckas förr eller senare, t.ex. lösenordsknäckning, och istället påpeka att orsaken till sårbarheten är att angriparen har möjlighet att testa lösenord obegränsat antal gånger. Därutöver är det lämpligt att simulera vissa attacker som annars kan störa produktionen om testet genomförs i en driftsatt miljö.
Resultatet av rapporten är en checklista som kan tolkas som en generell metodik för hur ett internt penetrationstest kan genomföras. Checklistans syfte är att underlätta vid genomförande av ett test. Processen består av sju steg: förberedelse och planering, in-formationsinsamling, sårbarhetsdetektering och analys, rättighetseskalering, penetrationstest samt summering och rapportering.
A network architecture penetration test is complicated, full of risks and extensive. This report explores how a consultant carries it out in the most time effective way, without overlook important parts. In an internal penetration test the consultant are often allowed to view the system documentation of the network architecture, which saves a lot of time since no total host discovery is needed. This is also good for discovering anomalies in the system documentation. Communication with system administrators during the test minimizes the risk of misunderstanding and system crashes. If serious vulnerabilities are discovered, the system administrators have to be informed immediately. Another way to make the test more effective is to skip time consuming tasks which will succeed sooner or later, e.g. password cracking, instead; point out that the reason of the vulnerability is the ability to brute force the password. It is also appropriate to simulate attacks which otherwise could infect the production of the organization.
The result of the report is a checklist by means of a general methodology of how in-ternal penetration tests could be implemented. The purpose of the checklist is to make it easier to do internal penetration tests. The process is divided in seven steps: Planning, information gathering, vulnerability detection and analysis, privilege escalation, pene-tration test and final reporting.
24
Степанов, Андрій В’ячеславович, and Andrii Stepanov. "Удосконалення стандартних методів захисту веб-додатків." Master's thesis, ТНТУ, 2021. http://elartu.tntu.edu.ua/handle/lib/36798.
Full textAbstract:
Удосконалення стандартних методів захисту веб-додатків // Дипломна робота ОР «Магістр» // Степанов Андрій В’ячеславович // Тернопільський національний технічний університет імені Івана Пулюя, факультет комп’ютерно-інформаційних систем і програмної інженерії, кафедра кібербезпеки, група СБм-61 // Тернопіль, 2021 // С. 87 , рис. – 27 , табл. – , слайдів – 12 , додат. – 1 .В роботі було проведено огляд літературних джерел в області дослідження. Здійснено огляд загального стану безпеки та вразливостей веб-додатків. Описано процес тестування безпеки веб-додатка. Також, здійснено огляд використання WAF. Описано, найпоширеніші способи захисту веб-додатків від підбору, слабкої валідації відновлення пароля, XSS та SQL-ін’єкцій. У результаті виконання дипломної роботи, були розроблені удосконалення, які є простими в реалізації, ефективними, надійними та продуктивними, що дозволяє використовувати їх при розробці нових додатків, або інтегрувати їх, як удоконалення, до вже наявних механізмів захисту додатка.
The paper reviews literature sources in the field of research. A comparative analysis of the general state of security and vulnerabilities of the web-apps is conducted. The Web-app testing process was described. Also, WAF purposes and goals was overviewed. Described the most common web-app security methods for brute force, weak password recovery validation, XSS and SQL-Injection attacks. As a result of this work enhancement to the standard web-app security methods was developed. They are easy to implement, effective, reliable and efficient. All these properties allow developers to use them in new web-apps, or integrate them to the existing security systems.
ПЕРЕЛІК УМОВНИХ ПОЗНАЧЕНЬ, СИМВОЛІВ, ОДИНИЦЬ, СКОРОЧЕНЬ І ТЕРМІНІВ... 8 ВСТУП... 9 РОЗДІЛ 1 ТЕСТУВАННЯ WEB-ДОДАТКІВ НА ВРАЗЛИВОСТІ... 12 1.1 Процес роботи веб-додатку... 12 1.2 Вразливості та їх вплив на безпеку бізнесу... 13 1.3 Стан безпеки веб додатків... 15 1.4 Короткий огляд найпоширеніших вразливостей web-додатків... 18 1.5 Тестування безпеки веб-додатків... 19 1.5.1 Актуальність тестування веб-додатків... 19 1.5.2 Процес тестування веб-додатків ... 21 1.5.3 Типи тестів безпеки веб-додатків ... 22 1.6 Web application firewall (WAF)... 23 РОЗДІЛ 2 СТАНДАРТНІ МЕТОДИ ЗАХИСТУ ВІД НАЙПОШИРЕНІШИХ ТИПІВ АТАК... 25 2.1 Підбір (brute-force attack)...27 2.1.1 Опис атаки... 27 2.2.2 Найпоширеніші методи захисту... 29 2.2 Слабка валідація відновлення пароля... 30 2.2.1 Опис атаки... 30 2.2.2 Найпоширеніші методи захисту... 30 2.3 Cross-site scripting (XSS) ... 31 2.3.1 Опис атаки ... 31 2.3.2 Найпоширеніші методи захисту... 32 2.4 SQL/No-SQL ін’єкції... 34 2.4. 1. Опис атаки... 34 2.4.2. Найпоширеніші методи захисту... 36 РОЗДІЛ 3 УДОСКОНАЛЕННЯ СТАНДАРТНИХ МЕТОДІВ ЗАХИСТУ ... 38 3.1 Удосконалення стандартних методів захисту проти атаки підбору (brute force) ... 38 3.1.1 Використання вайтліста ... 39 3.1.2 Зміна адреси сторінки ... 42 3.1.3 Використання 256-бітних ключів шифрування ... 43 3.2 Удосконалення стандартних методів захисту проти слабкої валідації відновлення пароля ... 43 3.2.1 Збільшення кількості питань ... 44 3.2.2 Використання пін-коду... 49 3.2.3 Додавання прив’язки до часу та користувача ... 51 3.3 Удосконалення стандартних методів захисту від XSS... 57 3.3.1 Використання сучасних фреймворків та бібліотек для побудови користувацьких інтерфейсів... 57 3.3.2 Дезінфекція даних, що будуть додані в CSS в якості URL атрибуту... 59 3.3.3 Дезінфекція даних при використанні element.innerHTML, element.outerHTML, document.write(...) та їх еквівалентів. ... 63 3.4 Удосконалення стандартних засобів захисту від SQL-ін’єкцій... 66 3.4.1 Приведення до цілочисельного типу... 67 3.4.2 Використання білих списків ... 71 РОЗДІЛ 4 ОХОРОНА ПРАЦІ ТА БЕЗПЕКА В НАДЗВИЧАЙНИХ СИТУАЦІЯХ 76 4.1 Охорона праці .... 76 4.2 Підвищення стійкості роботи огд об’єктів госп діяльності у воєнний час ... 78 ВИСНОВКИ .... 85 СПИСОК ЛІТЕРАТУРИ... 86 ДОДАТКИ
25
Nsambu, Emmanuel, and Danish Aziz. "The Defense Against the latest Cyber Espionage both insider and outsider attacks." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16477.
Full textAbstract:
This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers’ online articles. A survey was also conducted at MidSweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a simple design was created to assist in the investigation of the efficiency of the system. Some simple implementations of the existing defensive mechanism were made in order to provide some practical results that were used for the study. The existing defensive mechanism was surveyed and improved upon where possible. The improved defensive mechanism was designed and implemented and its results were compared with the results from the existing defensive mechanism. Due to the fact that the majority of the attackers use defensive mechanisms’ vulnerability in order to find their way into devices such as web servers, it was felt that, even with the most sophisticated improved defensive mechanism in place, it would not be entirely correct to claim that it is possible to fully protect web servers against such attacks.
26
Panta, Purushottam. "Web Design, Development and Security." Connect to resource online, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1244819478.
Full text
27
Regéciová, Dominika. "Aplikace teorie formálních jazyků v oblasti počítačové bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-386008.
Full textAbstract:
Computer security is and will always be a critical area that affects everyone. Despite all the efforts made to build safer systems and test them, however, new vulnerabilities and vulnerabilities are still emerging and creating the impression of tilting at windmills. Partial justification of the current state, but also possible solutions, brings in many respects an extraordinary view of security through formal language theory. Emphasis should be put on a more responsible approach to the recognition and processing of inputs, which are often the gateway to many attacks. In this paper, we will get acquainted with this trend and its recommendations for development and will then introduce a new method of detecting SQL injection attacks built on its foundations.
28
Whitelaw, Clayton. "Precise Detection of Injection Attacks on Concrete Systems." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6051.
Full textAbstract:
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states that injected symbols strictly insert or expand noncode tokens in the output program. Noncode symbols are strictly those that are either removed by the tokenizer (e.g., insignificant whitespace) or span closed values in the output program language, and code symbols are all other symbols. This thesis demonstrates that such attacks are possible on applications for Android—a mobile device operating system—and Bash—a common Linux shell—and shows by construction that these attacks can be detected precisely. Specifically, this thesis examines the recent Shellshock attacks on Bash and shows how it widely differs from ordinary attacks, but can still be precisely detected by instrumenting the output program’s runtime. The paper closes with a discussion of the lessons learned from this study and how best to overcome the practical challenges to precisely preventing these attacks in practice.
29
Plašil, Matouš. "Soubor laboratorních úloh k demonstraci počítačových útoků." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-220402.
Full textAbstract:
Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
30
Pavlosek, Václav. "Webová aplikace pro výuku simulací v ns2." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-218090.
Full textAbstract:
There is information to my master's thesis which is called “Web application for NS2 training”. This application works after installation and its source codes are saved on applied CD. It is said about implement Network Simulator 2. It helps to realize simulation of nets and then author inserts information about them into web application. Registered web's visitor has possibility to insert project into application. The project contents information about simulation created in NS2. Web application can also visible detail of possible project which is approved of administrator. Then the visitor can sort projects, search entered expression or connect his contribution to discussion forum. Administrator can approve users projects in his part of application. It makes available for the others. He can also delete them from database. Theory about technologies which are used for implementation of this application. It is talked about web Apache server, database MySQL server and programmable PHP language. There is also mentioned information about security of web application included possible attacks on applications and their database. It is presented proposal of database which creates core of application. This proposal is depended on application requirements. Next chapters give to reader whole image about functionality of application. There are mentioned samples of final graphical image of application. This document also provides the shows of source codes for creating database tables.
31
Holmberg, Daniel, and Victor Nyberg. "Functional and Security Testing of a Mobile Client-Server Application." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148710.
Full textAbstract:
Today’s massive usage of smartphones has put a high demand on all application developers in the matter of security. For us to be able to keep using all existing and new applications, a process that removes significant security vulnerabilities is essential. To remove these vulnerabilities, the applications have to be tested. In this thesis, we identify six methods for functional and security testing of client-server applications running Android and Python Flask. Regarding functional testing, we implement Espresso testing and RESTful API testing. In regards to the security testing of the system, we do not only implement fuzz testing, sniffing, reverse engineering and SQL injection testing on a system developed by a student group in a parallel project, but also discover a significant security vulnerability that directly affects the integrity and reliability of this system. Out of the six identified testing techniques, reverse engineering exposed the vulnerability. In conjunction with this, we verified that the system’s functionality works as it is supposed to.
32
Kadlubiec, Jakub. "Mobilní systém pro sběr zpětné vazby zákazníků." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236177.
Full textAbstract:
Práce se zabývá popisem tvorby mobilního systému pro monitoring zákaznické spokojenosti a sběr zpětné vazby od návštěvníků v restauracích s názvem Huerate. Komplexně jsou popsané všechny fáze vývoje systému. První část práce se zabývá analýzou existujících řešení a stavem na trhu. Následně jsou na základně komunikace s majiteli restaurací sestaveny požadavky na systém. Nakonec se práce věnuje samotnému návrhu systému, jeho implementaci a nasazení v restauracích. Systém Huerate běží jako webová aplikace a je dostupný na adrese http://huerate.cz.
33
"A research in SQL injection." 2005. http://library.cuhk.edu.hk/record=b5892623.
Full textAbstract:
Leung Siu Kuen.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.
Includes bibliographical references (leaves 67-68).
Abstracts in English and Chinese.
Abstract --- p.i
Acknowledgement --- p.iii
Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Motivation --- p.1
Chapter 1.1.1 --- A Story --- p.1
Chapter 1.2 --- Overview --- p.2
Chapter 1.2.1 --- Introduction of SQL Injection --- p.4
Chapter 1.3 --- The importance of SQL Injection --- p.6
Chapter 1.4 --- Thesis organization --- p.8
Chapter 2 --- Background --- p.10
Chapter 2.1 --- Flow of web applications using DBMS --- p.10
Chapter 2.2 --- Structure of DBMS --- p.12
Chapter 2.2.1 --- Tables --- p.12
Chapter 2.2.2 --- Columns --- p.12
Chapter 2.2.3 --- Rows --- p.12
Chapter 2.3 --- SQL Syntax --- p.13
Chapter 2.3.1 --- SELECT --- p.13
Chapter 2.3.2 --- AND/OR --- p.14
Chapter 2.3.3 --- INSERT --- p.15
Chapter 2.3.4 --- UPDATE --- p.16
Chapter 2.3.5 --- DELETE --- p.17
Chapter 2.3.6 --- UNION --- p.18
Chapter 3 --- Details of SQL Injection --- p.20
Chapter 3.1 --- Basic SELECT Injection --- p.20
Chapter 3.2 --- Advanced SELECT Injection --- p.23
Chapter 3.2.1 --- Single Line Comment (--) --- p.23
Chapter 3.2.2 --- Guessing the number of columns in a table --- p.23
Chapter 3.2.3 --- Guessing the column name of a table (Easy one) --- p.26
Chapter 3.2.4 --- Guessing the column name of a table (Difficult one) . --- p.27
Chapter 3.3 --- UPDATE Injection --- p.29
Chapter 3.4 --- Other Attacks --- p.30
Chapter 4 --- Current Defenses --- p.32
Chapter 4.1 --- Causes of SQL Injection attacks --- p.32
Chapter 4.2 --- Defense Methods --- p.33
Chapter 4.2.1 --- Defensive Programming --- p.34
Chapter 4.2.2 --- hiding the error messages --- p.35
Chapter 4.2.3 --- Filtering out the dangerous characters --- p.35
Chapter 4.2.4 --- Using pre-complied SQL statements --- p.36
Chapter 4.2.5 --- Checking for tautologies in SQL statements --- p.37
Chapter 4.2.6 --- Instruction set randomization --- p.38
Chapter 4.2.7 --- Building the query model --- p.40
Chapter 5 --- Proposed Solution --- p.43
Chapter 5.1 --- Introduction --- p.43
Chapter 5.2 --- Natures of SQL Injection --- p.43
Chapter 5.3 --- Our proposed system --- p.44
Chapter 5.3.1 --- Features of the system --- p.44
Chapter 5.3.2 --- Stage 1 - Checking with current signatures --- p.45
Chapter 5.3.3 --- Stage 2 - SQL Server Query --- p.45
Chapter 5.3.4 --- Stage 3 - Error Triggering --- p.46
Chapter 5.3.5 --- Stage 4 - Alarm --- p.50
Chapter 5.3.6 --- Stage 5 - Learning --- p.50
Chapter 5.4 --- Examples --- p.51
Chapter 5.4.1 --- Defensing BASIC SELECT Injection --- p.52
Chapter 5.4.2 --- Defensing Advanced SELECT Injection --- p.52
Chapter 5.4.3 --- Defensing UPDATE Injection --- p.57
Chapter 5.5 --- Comparison --- p.59
Chapter 6 --- Conclusion --- p.62
Chapter A --- Commonly used table and column names --- p.64
Chapter A.1 --- Commonly used table names for system management --- p.64
Chapter A.2 --- Commonly used column names for password storage --- p.65
Chapter A.3 --- Commonly used column names for username storage --- p.66
Bibliography --- p.67
34
蘇學翔. "Exploiting SQL Injection with Semantic Polymorphism." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/tvz4mu.
Full text
35
Chen, Bo Han, and 陳柏翰. "Effective Practices For Defending SQL Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/89556774781629620492.
Full textAbstract:
碩士長庚大學
資訊管理學系
98
When setting up a web server to read from a database, it’s important that the designer check the parameter information being passed from the customer to the webpage. Otherwise, the transmission of this data could create opportunities for assailants to find weaknesses which can be used to attack thesystem, possibly leading to loss of corporate or customer information. This study proposes the use of the Acunetix Web Vulnerability Scanner, Barracuda Web Application Firewall, and Splunk search engine to search the web server and Barracuda Web Application Firewall log file to improve defenses against SQL injection attacks by protecting the results of search engine analyses to safeguard feedback. The webpage manager only uses the Barracuda Web Application Firewall to describe the relevant attributes of the webpage outputs, This firewall device, positioned between the network firewall and the Web server, can protect the webpage automatically and can open the Barracuda Web Application Firewall transparent mode, and directly check the output of network user information. The so-called Transparent Mode need not be updated to allow for installation, settings configuration and dynamic packet filtering. Without the need to change the extant webpage application program and database settings, this safeguard can be simply and easily configurated, and operating interfaces can offer multi-lingual support to assist the work of maintenance staff and accelerate the adoption and deployment application of the equipment.
36
Lee, Jieh-Hua, and 李玠樺. "A Layer-based SQL Injection Prevention System." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/86009733947954214171.
Full textAbstract:
碩士銘傳大學
資訊傳播工程學系碩士班
100
Web applications are the most popular services on the Internet. Many services combine database with web applications to provide the necessary information. Security problems with web applications are increasing with the growth of Internet applications. Malicious users are able to use SQL Injection attacks on vulnerabilities of web applications to obtain information in the database or exploit the system. A layer-based SQL Injection prevention system (LBSIPS) is proposed in this paper to protect the database. SQL commands are collected and classified at the first step by using the inline monitor mechanism. Privileges and access control are verified by examining the database and the predefined profile and snort rules are established to filter out suspicious activities at the second step. An inline LBSIPS infrastructure is implemented and the experiment results show SQL attacks are blocked and thus it improves the security of web applications.
37
Wu, Ko-Chih, and 巫格至. "Automated Exploit Generation for SQL Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/66937924239857964035.
Full textAbstract:
碩士臺灣大學
電子工程學研究所
98
Automated static analysis tools are widely used today for finding input manipulation vulnerabilities in web applications, such as SQL injection. However, these tools may produce many false positives and these reported vulnerabilities cannot be verified easily. To verify these reported vulnerabilities, concrete attack requests need to be constructed and to be submitted to the target application, just like what hackers or black-box tools will do. Our approach is to send concrete exploits and to inspect SQL queries that are executed at run-time. Thus, it is possible to declare the reported vulnerability valid (along with true exploitable SQL commands) or bogus (i.e., false positive). Our technique is proved to be effective after the evaluation against several real-world examples.
38
Lu, Chian-Huey, and 盧芊慧. "Web Platform Independent SQL injection Attack Generation." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/43099096080587428778.
Full textAbstract:
碩士國立交通大學
資訊科學與工程研究所
102
Internet has been an important communication media for our daily life. Most of us access information and save our personal private data in the database through web applications. However, due to the ignorance of secure programming practice of web programmers, hackers may be able to access or destroy data through potential web vulnerabilities. We developed a web platform independent SQL injection attack generation method to improve our former web attack framework called CRAXweb. The system is able to generate exploit for the target web application automatically and acts as a penetration test. CRAXweb is based on S2E, a symbolic execution platform. We accumulate the URLs of target web application through web crawler and send the HTTP request with symbolic variable to the symbolic sensor embedded in the server. For the purpose of improving efficiency of symbolic execution, we adopt the single path concolic execution mode to collect path constraint and generate the exploit. We have applied this method to several known vulnerabilities on open source web applications. The results reveal that CRAXweb is a practical exploit generation tool supporting different web platforms, including PHP, C/C++, Perl, and Python.
39
Aich, Dibyendu. "Secure Query Processing by Blocking SQL Injection." Thesis, 2009. http://ethesis.nitrkl.ac.in/1504/1/thesis_to_upload.pdf.
Full textAbstract:
With the rise of the Internet, web applications, such as online banking and web-based email the web services as an instant means of information dissemination and various other transactions has essentially made them a key component of today‟s Internet infrastructure. Web-based systems consist of both infrastructure components and of application specific code. But there are many reports on intrusion from external hacker which compromised the back end database system, so we introduce briefly the key concepts and problems of information security and we present the major role that SQL Injection is playing in this scenario. SQL-Injection Attacks are a class of attacks that many of these systems are highly vulnerable to, and there is no known fool-proof defense against such attacks. Based on the above analysis and on today's computer security state-of-the-art, we focus our research specifically on the SQLIAs, which are still one of the most exploited and dangerous intrusion techniques used to access web applications.
In this thesis, we propose a technique, which uses runtime validation to detect the occurrence of such attacks, which evaluation methodology is general and adaptable to any existing system. The most available solution of that problem either requires source code modification, which is an overhead to an existing system as well as which can increase the possibilities of new injection points, or required a computational overhead at run time which increase the minimum response time, as well as most of them are not taking the advantage of the modern age processor architecture. To overcome these problems of existing solutions we use link representations which store the valid query structures in terms of an orders sequence of tokens. To perform fast searching among these various lists we start searching in a multithreaded way. To avoid the huge computation over head of string matching algorithm to match two tokens we convert each token into an integer value and store that integer value instead of that token in our database and while searching we simple match these integer values. For finding the correct group of list we use an array representation which eliminates the need of searching the specific group. Even for minimizing the response time we use a hit count method to predict the possible list for searching the incoming query structure. So in a brief this technique eliminates the need of source code modification along with an improved overall efficiency.
40
Sarangi, A., and S. Panchamukhi. "Blocking SQL Injection in Database Stored Procedures." Thesis, 2010. http://ethesis.nitrkl.ac.in/1703/1/Blocking_sql_injection_in_database_stored_procedures.pdf.
Full textAbstract:
This thesis contains a summary of all the work that has been done by us for the B-Tech project in the academic session of 2009-2010. The area chosen for the project was SQL Injection attacks and methods to prevent them, and this thesis goes on to describe four proposed models to block SQL Injection, all of them obtained from published research papers. It then gives the details of the implementation of the model “SQL Injection prevention in database stored procedures” as proposed by K. Muthuprasanna et al, which describes a technique to prevent injections attacks occurring due to dynamic SQL statements in database stored procedures, which are often used in e-commerce applications. The thesis also contains the algorithms used, data flow diagrams for the system, user interface samples and the performance reports. The particulars of some of the modifications made to the proposed model during implementation have also been documented, and there has also been included a section which discusses the possible updations that could be made to the tool, and future work.
41
Chia, Bernard, and 謝孟峰. "Web Forensic: Evidence of SQL Injection Attack Analysis." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/81060912022228427261.
Full textAbstract:
碩士國立臺北大學
資訊工程學系
102
In the WEB 2.0 generation, web attack has become a common issue and is widely used by intruders to exploit and access a system without any authorization. According to a survey from OWASP (Open Web Application Security Project’s), SQL injection attack (SQLIA) is placed first in the OWASP 2013’s top 10 list of cyber threats that is faced by the web service. SQLIA is a technique of inserting SQL meta-characters and commands into web-based input fields to change the original meaning of the SQL queries in order to manipulate the execution of the malicious SQL queries to access the databases unauthorized. SQLIA cannot be detected by any firewall or antivirus because it involves only the injection of one or many meta-characters and hence do not contain any malicious. Hence, forensic analysis is performed to find out the evidence of an attack and this plays an important role to make a conclusion on an incident whether to prove or disprove an intruder’s guilt. In previous researches, there were three ways of performing a forensic analysis namely, simple statistical analysis, parsing capabilities matching and simple signature matching. Thus, a method is proposed by analyzing the URL attack request and decoding the request before analyzing the request with the rule set that is provided by PHPIDS and then cluster these attacks by calculating the distance between every cluster and assigns the distance to the cluster with the nearest centroid point. To find the pattern of the SQL injection to cluster these attacks, a method is proposed whereby the SQL keyword is extracted as a token set from the URL request and then this token set is analyzed based on the K-mean method to find the standard centroid to cluster these attacks.
42
Pieš, Martin. "Systém pro detekci napadení databáze metodou "SQL injection"." Master's thesis, 2010. http://www.nusl.cz/ntk/nusl-286260.
Full text
43
Lin, Che-Chia, and 林哲嘉. "Design and Implementation of SQL Injection Penetration System." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/95134447354413560501.
Full textAbstract:
碩士國立中正大學
通訊工程研究所
101
More and more public web sites contain personal private data and usually store them in an associated database. Web site security becomes important day by day, because once the web site has been compromised numerous private data potentially leak out, threatening to personal privacy. According to Open Web Application Security Project (OWASP) 2013 research, the injection is the first threat of the top 10. Injections contain SQL injection, OS injection and LDAP injection, where the SQL injection is the most threatening among them. This research proposed a penetration testing system aiming at effective and fast detection on website threat of SQL injection. The system has two options: static scanning and dynamic scanning, whose initial target Uniform Resource Locators (URLs) are given by manual setting or popular search engines, respectively. The proposed scheduler can adjust the priority of target URLs according to the degree of suspicion derived from the similarity to URLs of well-known leaks, and accelerate the whole SQL penetration process. Experiments show that both precision and speed of the proposed system are better than a free web penetration tool Paros. Website developers and administrators can quickly and effectively find potential information leaks with this system.
44
Thomas, Stephen M. "Using automated fix generation to mitigate SQL injection vulnerabilities." 2007. http://www.lib.ncsu.edu/theses/available/etd-11062007-151028/unrestricted/etd.pdf.
Full text
45
Migli, Roberto, and 馬若權. "A fast, multi-platform method to detect SQL Injection Attacks." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/66902532536363882776.
Full textAbstract:
碩士國立臺灣科技大學
資訊工程系
97
In these years SQL injection attacks became a major threat for both small and large web sites. This special kind of injection attack exploits vulnerabilities in the web applications that interact with a backend database. In this paper we analyze the SQL injection attack patterns and the previously proposed defense methods. We found that most of the existing researches are able to detect most of the attacks, but they do not consider the complexity involved in using the defense system and the eventual cost of modification of the original program. The proposed method requires no modification of the web application code, and can be adapted to different usage scenarios, involving also different operating systems and server applications. The proposed method is able to detect all the known injection points for the test application. We compare the results achieved with a published paper under the same testing conditions.
46
Bento, Pedro Ricardo Saraiva. "Assessing Web Services Robustness and Security Using Malicious Data Injection." Master's thesis, 2015. http://hdl.handle.net/10316/35521.
Full textAbstract:
Dissertação de Mestrado em Engenharia Informática apresentada à Faculdade de Ciências e Tecnologia da Universidade de Coimbra.A tecnologia Web Services permite ligar aplicações criadas em diferentes plataformas, tendo atingido grande popularidade. Nos últimos anos, o uso desta tecnologia tem aumentado consideravelmente, não só como suporte a ambientes críticos de negócio, mas também em ambientes onde a robustez e segurança dos serviços é vital. Nestes ambientes, a presença de um problema de robustez ou uma vulnerabilidade de segurança pode traduzir-se em perdas a nível financeiro e/ou na reputação do fornecedor do serviço. A falta de metodologias e ferramentas adequadas para a deteção destes problemas é um dos fatores que contribui para a situação atual, onde os serviços falham na presença de entradas inválidas ou maliciosas. Nesta dissertação é discutido o estado da arte em robustez e segurança em Web Services sendo proposta uma abordagem para deteção de falhas desta área. Esta baseia-se na introdução, em tempo de execução, de um conjunto de inputs inválidos e maliciosos num serviço sob teste. Contrariamente à abordagem clássica para deteção destes problemas, as interfaces das aplicações sob teste na abordagem apresentada, são as de contacto com serviços externos, em particular com a base de dados. Deste trabalho resulta também a criação de uma ferramenta de testes, possibilitando a classificação do nível de segurança e robustez de um serviço.
The Web Services technology allows us to connect applications built on different platforms, reaching great popularity. In the last years, the use of this technology has increased considerably, not only to support the critical business environments, but also in environments where robustness and safety of services is vital. The presence of a robustness problem or a security vulnerability can be translated into substantial losses in financial terms and/or reputation of the service provider. The lack of methodologies and tools for the detection of these problems is one of the factors contributing to the current situation where services fail in the presence of invalid or malicious inputs. This dissertation discusses the state of the art of robustness and security in Web Services and proposes an approach for detection of this type of situations. This is based on the introduction, at runtime, of a set of invalid and malicious inputs to a service under test. Unlike the classical approach for detecting these problems, the interfaces of the applications under test in the developed approach, are those that contact with external services, in particular its interface with the database. This work also involves the creation of a testing tool, allowing the classification of the level of robustness and security of a service.
47
Wu, Ching-Ju, and 吳靜茹. "A Defense against SQL Injection Attack through Validation on Input Legitimacy." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/44317375982863901114.
Full textAbstract:
碩士中原大學
資訊工程研究所
97
The development of Web 2.0 brings in the prevalence of web application services based on database support. Along with the increasing interaction with database, web application service programs become complicate, which makes it difficult to guarantee that SQL query constructed using user input is safe to database. Therefore, an effective defense mechanism against SQL injection attack from malicious user is important to the safe use of the valuable content in the database. In this thesis, a novel defense scheme is proposed. Before a web application service program is put into work, a static analysis process is applied to determine the type of each user supplied parameter to be used in constructing SQL queries. Later, when a user input is received at web server at run time, a validation procedure is performed to determine the legitimacy of the input according to its type before it is delivered to corresponding application program to construct SQL query. In this way, the possibility of constructing illegal SQL queries is eliminated. The scheme focus on the input parameters directly related to SQL query construction, which makes it possible to follow SQL syntax precisely and allow atypical yet proper input value. The scheme also avoid the problem of leaking of information internal to the web application service since the validation procedure is performed at web server before user input is delivered to the corresponding application programs. The proposed scheme is transparent to both user and the program developer. It only requires administration effort to run the static analysis process on application programs and to install the validation module in web server to achieve the desired protection against SQL injection attacks.
48
Huang, Hao-lun, and 黃浩倫. "TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/79047244359095359380.
Full textAbstract:
碩士國立中央大學
資訊工程研究所
98
Web-based applications have become the major means of providing services by web servers and databases. These applications are the frequent target for attacks be-cause the databases underlying Web applications often contain private information (e.g., user accounts and financial records). In particular, SQL injection attacks, a class of injection flaw in which specially crafted input strings leads to illegal queries to da-tabases, are one of the topmost threats to web applications. A number of research pro-totypes and commercial products that maintain the queries structure in web applica-tions have been developed but these techniques fail to address the full scope of the problem or have limitations. In this paper, we propose a novel and effective mechanism for automatically translating SQL requests to LDAP-equivalent requests to render them secure against SQL injection attacks. After queries are executed on SQL database and LDAP, our technique checks the difference in responses from SQL database and LDAP to prevent SQL injection attacks. We implemented our technique in a tool, TransSQL, consists of two steps. In the preprocessing step, Database Duplicating process, we adopt sqldump program to extract entire information of SQL database that could be used to produce LDAP schema and LDAP Data Interchange Format file. In the runtime step, Request Translation process, the technique intercepts SQL queries for translation and checks the results from LDAP against SQL database. TransSQL has been implemented in Java and deployed between web applications and databases. Our empirical evaluation has shown that TransSQL is both effectiveness and efficiency against SQL injection attacks.
49
Lai, Shu Mei, and 賴淑美. "Preventing SQL Injection Attacks Using the Field Attributes of User Input." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/72087296479960095398.
Full textAbstract:
碩士國立政治大學
資訊科學學系
97
With the dynamic development of network application and the increasing population of using internet, providing customer service and making business through network has been a prevalent trend recently. However, the risk appears with this trend. In a borderless net world, threaten comes from all directions. With the progress of information technology, the technique of network attack becomes timeless and widespread. It seems that defense methods have to develop against these attack techniques. But the root of all should regress on the original program design – check the input data of data fields. The prevention of unceasing network attack is precisely check the content of data field and adhere to the webpage security design on principle, furthermore, the authority to access database is essential. Since most existing systems do not have exactly checkpoints of those data fields such as the length, the data type, and the data format, as a result, those conditions resulted in several network attacks like Injection Flaws and XSS. In response to various website attack constantly, the majority remodify the system source code, inspect vulnerabilities by the service of penetration test, and purchase the equipment of Intrusion Prevention Systems(IPS). However, several limitations influence the performance, such as the massive workload of remodify source code, the difficulty to implement the daily penetration test, and the costly expenses of IPS equipment. The fundamental method of this research is to check the input data of data fields which bases on the length, the data type and the data format to check input data. The hypothesis is that to implement the original design principle should prevent most website attacks. Unfortunately, most legacy system programs are massive and numerous. It is time-consuming to review and remodify all the data fields. This research investigates the analysis of network interception, integrates with the database schema and the easy-defined data type, to automatically process these procedures and rapidly generates the checklist of input data. Then, using the method of website dynamic captures technique to receive user request first and webpage input data before the system application commences to process it. According to those input data can be checked by the predefined data filed type and the length, there is no necessary to modify existing systems and can achieve the goal to prevent web attack with the minimum cost.
50
YANG, SHENG-CHUAN, and 楊勝全. "Research on Constructing SQL Injection Defending System Based on Knowledge Base." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/f3a6qw.
Full textAbstract:
碩士中國文化大學
資訊管理學系
106
A rapid developemet of network techonology promotes web application widely ap-plied. The combination of web application and database makes system more com-pli-cated than before. Besides, it is hard to confirm the security of database access re-quest by users. Therefore, we need a defense mechanism which can effectively block the SQL injection for database by malicious users. In this thesis, we propose a defense mecha-nism different from those of other scholars. With our method, we can defend both sin-gle attack and multiple query attack. Before executing database instructions, we store all SQL instrutions composed by users into database. And then, we filter those SQL in-structons with the knowledge from knowledge base. Finally, we pass the filtered SQL instructions to database, executing them and returning the results back to the users. Fol-lowing the method above, we can avoid any SQL instructions containing improper exe-cution.