Your search keyword '"SQL injection"' showing total 1,995 results

1. Security Analysis of SQL Injection Attacks on Multimedia and Journal-Services Sites Using Concatenated Input Validation and Parsing Method (CIVP).

Author

Wijaya, Marvin Chandra

Subjects

DATA security failures, WEB-based user interfaces, WEB databases, CYBERSPACE, PYTHONS, SQL

Abstract

Web applications and databases continue to face grave danger from SQL injection attacks, which can result in unauthorized access, data modification, and system compromise. This report discusses the methods attackers use to exploit SQL injection vulnerabilities and emphasizes the dangers of successful attacks, such as data leaks and system compromise. This research proposes a comprehensive system for detecting SQL injection attacks using concatenated Input Validation and Parsing Method (CIVP). The site used as experimental material is the Multimedia and Journal Services Site. Based on the results of forensic analysis on the Journal Services Site, there were several attacks in cyberspace, including using SQLMAP and Python. The system created has successfully detected SQL injection attacks. Based on the test results, it was found that the use of the method proposed in this study succeeded in making processing time 15.2% more efficient. Experiments carried out with the method proposed in this study succeeded in increasing the attack detection accuracy from 96-97% to 99.5% with a p-value of 0.008446. [ABSTRACT FROM AUTHOR]

Published

2024

2. TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications.

Author

Yang, Guan-Yan, Wang, Farn, Gu, You-Zong, Teng, Ya-Wen, Yeh, Kuo-Hui, Ho, Ping-Hsueh, and Wen, Wei-Ling

Subjects

INFORMATION technology security, COMPUTER security vulnerabilities, SQL, TEST methods, WORKFLOW, COMPUTER software testing

Abstract

The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the complexity and workload of software testing, necessitating advanced tools to support agile development cycles. This paper introduces a novel test prioritization method for SQL injection vulnerabilities to enhance testing efficiency. By leveraging previous test outcomes, our method adjusts defense strength vectors for subsequent tests, optimizing the testing workflow and tailoring defense mechanisms to specific software needs. This approach aims to improve the effectiveness and efficiency of vulnerability detection and mitigation through a flexible framework that incorporates dynamic adjustments and considers the temporal aspects of vulnerability exposure. [ABSTRACT FROM AUTHOR]

Published

2024

3. Comparative Analysis of the Performance of Decision Tree and Random Forest Algorithms in SQL Injection Attack Detection

Author

Alfatarizky Budi Aulianoor and Muhammad Koprawi

Subjects

machine learning, decision tree, random forest, sql injection, database, Electronic computers. Computer science, QA75.5-76.95

Abstract

This study compares the performance of two machine learning algorithms the Decision Tree and Random Forest. SQL Injection attacks continue to threaten web applications because they exploit vulnerabilities by injecting malicious code into SQL statements executed on database servers. Therefore, machine learning algorithms are used to identify SQL Injection attacks. The dataset used is 33761 in the form of random query data input in a CSV tabular containing sentence and label columns. The research software used is Google Colaboratory and Microsoft Edge. The series of research conducted by Collect Data is data collection, Preprocessing handling missing values, deleting rows that contain duplicates, and the same query having different labels. Train and Test is used to build models and prepare test data, Build and Compile involves building Decision Tree and Random Forest models. The final step is to evaluate both algorithm models to determine which performs better. After conducting a series of research processes, the results of the Random Forest algorithm are slightly better than the Decision Tree algorithm, with an accuracy of 99.81%, precision of 99.79%, recall of 99.65%, and an average F1-score of 99.72%.

Published

2024

4. SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection.

Author

Gui, Zhiwen, Wang, Enze, Deng, Binbin, Zhang, Mingyuan, Chen, Yitao, Wei, Shengfei, Xie, Wei, and Wang, Baosheng

Subjects

LANGUAGE models, WEB-based user interfaces, SCANNING systems, SQL

Abstract

SQL injection (SQLI) black-box detection, which simulates external attack scenarios, is crucial for assessing vulnerabilities in real-world web applications. However, existing black-box detection methods rely on predefined rules to cover the most common SQLI cases, lacking diversity in vulnerability detection scheduling and payload, suffering from limited efficiency and accuracy. Large Language Models (LLMs) have shown significant advancements in several domains, so we developed SqliGPT, an LLM-powered SQLI black-box scanner that leverages the advanced contextual understanding and reasoning abilities of LLMs. Our approach introduces the Strategy Selection Module to improve detection efficiency and the Defense Bypass Module to address insufficient defense mechanisms. We evaluated SqliGPT against six state-of-the-art scanners using our SqliMicroBenchmark. Our evaluation results indicate that SqliGPT successfully detected all 45 targets, outperforming other scanners, particularly on targets with insufficient defenses. Additionally, SqliGPT demonstrated excellent efficiency in executing detection tasks, slightly underperforming Arachni and SQIRL on 27 targets but besting them on the other 18 targets. This study highlights the potential of LLMs in SQLI black-box detection and demonstrates the feasibility and effectiveness of LLMs in enhancing detection efficiency and accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

5. SQL-ИНЪЕКЦИЯЛАРЫНАН ВЕБ-ҚОСЫМШАЛАР ДЕРЕКТЕР ҚОРЫНЫҢ ОСАЛДЫҒЫН ЖӘНЕ ҚОРҒАНЫСЫН ЗЕРТТЕУ

Author

Рысбекқызы, Б., Кожанова, Д. Т., Кабиева, Г. К., Изат, Ә. Ж., Кадырова, Л. Б., and Леонтьева, А. М.

Subjects

*INFORMATION technology security, *WEB-based user interfaces, *DATABASES, *SECURITY systems, *WEBSITES

Abstract

Currently, web technologies are used everywhere in online stores, banks, and enterprise web pages. At the same time, databases are often used to write web applications. The database is characterized by information security threats. During the authentication process, an attacker can use an information attack such as SQL Injection to gain access to data. The essence of this attack is to exploit an error at the intersection of web technologies and SQL. This is due to the fact that many web pages form a special SQL query to databases to process user data, which can lead to the introduction of malicious code. The article discusses the main threats and vulnerability of web application databases from SQL injections. The work includes an analysis of the main types of SQL injections, methods for detecting and preventing vulnerabilities, as well as approaches to testing web application vulnerabilities. The main focus is on methods for protecting databases from SQL injections and developing practical recommendations for ensuring the security of web applications. The topic of the research is relevant in the modern world, since the Internet has become an integral part of our lives. As the use of apps has increased, the need for security measures to protect sensitive data has also increased. Web application vulnerabilities can lead to security breaches that can result in the loss of users' personal and financial information, damage to organizations' reputations, and legal consequences. [ABSTRACT FROM AUTHOR]

Published

2024

6. Detecting Structured Query Language Injections in Web Microservices Using Machine Learning.

Author

Peralta-Garcia, Edwin, Quevedo-Monsalbe, Juan, Tuesta-Monteza, Victor, and Arcila-Diaz, Juan

Subjects

LITERATURE reviews, SUPPORT vector machines, RANDOM forest algorithms, WEB-based user interfaces, DECISION trees, MACHINE learning, SOFTWARE architecture

Abstract

Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%. [ABSTRACT FROM AUTHOR]

Published

2024

7. Methods of Safe Processing of User-Entered Information in Information Systems

Author

Govorova, Svetlana, Ishchenko, Timofey, Khatsukova, Adelaida, Melnikov, Sergey, Govorov, Egor, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Lapina, Maria, editor, Raza, Zahid, editor, Tchernykh, Andrei, editor, Sajid, Mohammad, editor, Zolotarev, Vyacheslav, editor, and Babenko, Mikhail, editor

Published

2024

8. Preventing SQL Injection Attacks on Web Applications for Enhanced Security and CIA Triad Compliance

Author

Rahul, Sriramoju, Kumaran, U., Sai, Thippaluru Tharun, Pramodh, Tripuramallu, Balasubramanian, Sundaravadivazhagn, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Goar, Vishal, editor, Kuri, Manoj, editor, Kumar, Rajesh, editor, and Senjyu, Tomonobu, editor

Published

2024

9. An Advanced Algorithm and Utility for Identifying Critical Web Vulnerabilities with Exceptional Performance

Author

Kiritbhai, Deshani Gaurav, Jitendrabhai, Goda Ronak, Kumbharana, C. K., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rathore, Vijay Singh, editor, Tavares, Joao Manuel R. S., editor, Surendiran, B., editor, and Yadav, Anil, editor

Published

2024

10. Structured query language injection detection with natural language processing techniques optimized by metaheuristics

Author

Jokic, Aleksandar, Jovic, Nikola, Gajic, Vuk, Svicevic, Marina, Pavkovic, Milos, Petrovic, Aleksandar, Fournier-Viger, Philippe, Series Editor, Bacanin, Nebojsa, editor, and Shaker, Hothefa, editor

Published

2024

11. Optimizing SQL injection detection using BERT encoding and AdaBoost Classification

Author

Zivkovic, Miodrag, Jovanovic, Luka, Bukumira, Milos, Antonijevic, Milos, Mladenovic, Djordje, Al Washahi, Maryam, Bacanin, Nebojsa, Fournier-Viger, Philippe, Series Editor, Bacanin, Nebojsa, editor, and Shaker, Hothefa, editor

Published

2024

12. Enhancing Web Browser Extensions: Preventing JavaScript Code Injection and Vulnerabilities

Author

Singh, Teekam, Singh, Kamred Udham, Varshney, Neeraj, Gupta, Prinima, Kumar, Gaurav, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Hassanien, Aboul Ella, editor, Anand, Sameer, editor, Jaiswal, Ajay, editor, and Kumar, Prabhat, editor

Published

2024

13. Fortifying Web Applications: Advanced XSS and SQLi Payload Constructor for Enhanced Security

Author

Ravindran, Rahulkrishnan, Abhishek, S., Anjali, T., Shenoi, Ashwin, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Kaiser, M. Shamim, editor, Xie, Juanying, editor, and Rathore, Vijay Singh, editor

Published

2024

14. SQL Injection Attack Detection Based on Error Code Knowledge

Author

Lin, HongQing, Shao, JianQi, Sun, Ting, Zou, Xue, Wang, HaiFeng, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Dong, Jian, editor, Zhang, Long, editor, and Cheng, Deqiang, editor

Published

2024

15. Adversary Simulation of Structured Query Language (SQL) Injection Attack Using Genetic Algorithm for Web Application Firewalls (WAF) Bypass

Author

Bahruddin, Habib, Suryani, Vera, Wardana, Aulia Arif, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, and Arai, Kohei, editor

Published

2024

16. SQL Injection Attack Detection and Prevention Based on Manipulating the SQL Query Input Attributes

Author

Mahesh, R., Chellathurai, Samuel, Thirunavukkarasu, Meyyappan, Raman, Pandiselvam, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Aurelia, Sagaya, editor, J., Chandra, editor, Immanuel, Ashok, editor, Mani, Joseph, editor, and Padmanabha, Vijaya, editor

Published

2024

17. A deep learning approach based on multi-view consensus for SQL injection detection.

Author

Kakisim, Arzu Gorgulu

Subjects

*DEEP learning, *CONVOLUTIONAL neural networks, *SQL, *ARTIFICIAL intelligence

Abstract

SQL injection (SQLi) attacks are one of the oldest and most serious security threats, consistently ranking among the top ten critical web security risks. Traditional defense mechanisms against SQL injection predominantly use blacklists to disallow common injection characters or terms. However, the major challenge for these systems is to create a comprehensive list of potential SQLi characters, terms, and multi-terms that encompass various types of SQLi attacks (time-based, error-based, etc.), taking into account various SQL datasets (such as MySQL, Oracle, and NoSQL). Recently, some research studies have concentrated on feature learning from SQL queries by applying some well-known deep architectures to detect SQLi attacks. Motivated by a similar objective, this research introduces a novel deep learning-based SQLi detection system named "Bidirectional LSTM-CNN based on Multi-View Consensus" (MVC-BiCNN). The proposed method implements a pre-processing step that generates multiple views from SQL data by semantically encoding SQL statements into their corresponding SQL tags. By utilizing two different main layers, which are bidirectional long short-term memory (LSTM) and convolutional neural network (CNN), the proposed method learns a joint latent space from multi-view representations. In the detection phase, the proposed method yields separate predictions for each representation and assesses whether the query constitutes an SQLi attack based on a consensus function's output. Moreover, Interpretable Model-Agnostic Annotations (LIME), one of the methods of Explainable Artificial Intelligence (XAI), is employed for the purpose of interpreting the model's results and analyzing the SQL injection (SQLi) inputs. The experimental results demonstrate that MVC-BiCNN outperforms the baseline methods, yielding 99.96% detection rate. [ABSTRACT FROM AUTHOR]

Published

2024

18. PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention

Author

Antonio Coscia, Vincenzo Dentamaro, Stefano Galantucci, Antonio Maci, and Giuseppe Pirlo

Subjects

Context-free grammar, proxy, SQL injection, web application firewall, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

A web application is prone to security threats due to its open nature. The security of these platforms is imperative for organizations of all sizes because they store sensitive information. Consequently, exploiting web application vulnerabilities could result in large-scale data breaches and significant brand and financial damages. SQL injection (SQLi) represents a popular attack vector that malicious actors use to compromise website security. Web application firewalls (WAFs) play a primary role in preventing such malicious attack typologies. In the recent literature, several advances have been proposed in the field of WAF enhancement to prevent SQLi exploitation. However, many of them test the effectiveness of a WAF without releasing a patch to fix security flaws if a WAF is bypassed. In other cases, the patch is distributed exclusively according to the syntax specified by the WAF tested. This paper introduces a framework that leverages PROxy Grammar to Enhance web application firewalls for SQL Injection prevention (PROGESI). The proposed solution can act as an intermediary layer between the targeted web server and the incoming application level requests. Specifically, PROGESI can be used individually or in combination with a WAF and includes a series of rules that patch SQLi vulnerabilities exposed by a specific web server. Furthermore, it can identify and mitigate SQLi attempts, also when attackers use mutation techniques, since the rules used encompass generalization mechanisms. The experiments performed revealed two strengths of PROGESI: (i) the ability to identify SQLi even in the presence of server-side defense mechanisms, which increases as the generalization rate implemented by the rule generation algorithm increases; (ii) impressive detection performance even for low generalization rate values, which is higher than that achieved by competitors using a state-of-the-art SQLi dataset.

Published

2024

19. TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications

Author

Guan-Yan Yang, Farn Wang, You-Zong Gu, Ya-Wen Teng, Kuo-Hui Yeh, Ping-Hsueh Ho, and Wei-Ling Wen

Subjects

software testing, penetration testing, automatic testing, information security, SQL injection, testing priority, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the complexity and workload of software testing, necessitating advanced tools to support agile development cycles. This paper introduces a novel test prioritization method for SQL injection vulnerabilities to enhance testing efficiency. By leveraging previous test outcomes, our method adjusts defense strength vectors for subsequent tests, optimizing the testing workflow and tailoring defense mechanisms to specific software needs. This approach aims to improve the effectiveness and efficiency of vulnerability detection and mitigation through a flexible framework that incorporates dynamic adjustments and considers the temporal aspects of vulnerability exposure.

Published

2024

20. Simulating all archetypes of SQL injection vulnerability exploitation using reinforcement learning agents.

Author

Sommervoll, Åvald Åslaugson, Erdődi, László, and Zennaro, Fabio Massimo

Subjects

*SQL, *REINFORCEMENT learning, *ARCHETYPES, *REINFORCEMENT (Psychology), *TRANSFER of training

Abstract

Vulnerabilities such as SQL injection represent a serious challenge to security. While tools with a pre-defined logic are commonly used in the field of penetration testing, the continually evolving nature of the security challenge calls for models able to learn autonomously from experience. In this paper we build on previous results on the development of reinforcement learning models devised to exploit specific forms of SQL injection, and we design agents that are able to tackle a varied range of SQL injection vulnerabilities, virtually comprising all the archetypes normally considered by experts. We show that our agents, trained on a synthetic environment, perform a transfer of learning among the different SQL injections challenges; in particular, they learn to use their queries to efficiently gain knowledge about multiple vulnerabilities at once. We also introduce a novel and more versatile way to interpret server messages that reduces reliance on expert inputs. Our simulations show the feasibility of our approach which easily deals with a number of homogeneous challenges, as well as some of its limitations when presented with problems having higher degrees of uncertainty. [ABSTRACT FROM AUTHOR]

Published

2024

21. Computer Forensics of Hacked Websites.

Author

Yu Qiao and Mogos, Gabriela

Subjects

DIGITAL forensics, COMPUTER hacking, DATABASES, DIGITAL technology, WEB-based user interfaces, SECURITY classification (Government documents)

Abstract

With the development of technology, more and more families are connected into a big digital world through the Internet which brings about an increasing number of targets for hackers to fulfill crime. Almost everyone in each family lives rely on the latest network applications such as e-bank, e-library, e-mail and so on. The more dependent on the web applications the more likely we are being attacked on the Internet. Not only the users of the web applications and website will face cyberattack but also the companies who carried out these applications and website meet hackers' threats. Hacking attempts are a common illegal action recently because most hackers hack into people's computer or companies' database for not only extort a respectable sum of money but also some classified documents. Internet hacking is happening everyday all over the world except a computer can be locked in a finite place with limited access and almost not connected to the outside Internet world. In this paper, we use attack scenarios on a vulnerable web application with widespread types of attacks: SQL Injection attack and XSS attack which are usually performed by using a web browser. We tried to set up some testing target machines such as DWVA and OWASP and establish a simple victim website and a simple detecting code in the end. Also, we use computer forensic analysis technic of attacker and victim machine to find some clues and finally try to find some possible ways to avoid websites being attacked. Further details will be mentioned in the methodology and result part and finally a future work section will be carried out to conclude the insufficient of this project and some future jobs. [ABSTRACT FROM AUTHOR]

Published

2024

22. Discovery of SQL Injection and Depth Review of Deterrence Techniques for Web Applications.

Author

Bobade, Nilima D. and Sherekar, Swati S.

Subjects

WEB-based user interfaces, SQL, ONLINE social networks, SHOPPING mobile apps, APPLICATION stores

Abstract

In the current scenario use of the Internet for various online services is rising. We are doing online shopping, banking, booking, trading and accessing social networking site with the help of web applications or mobile apps. Database of the web application is the treasure which contains sensitive and valuable information of an individual such as personal, financial, medical and organization .This led to need for assuring confidentiality, Integrity, and availability of user data. Whether it’s a small or enterprise web application the data stored by that application is crucial. The motive of this paper is to explain sql Injection and SQL Injection attack process . It describes the impact of SQL Injection and types of SQL Injection attack and categorize it. At last it summarizes and review the analysis of SQL Injection detection and prevention technique according to each author on the basis of algorithm technique, dataset, platform used, results and future scope . This analytical review will be helpful to the researcher for further research in the interested area of SQL Injection. [ABSTRACT FROM AUTHOR]

Published

2024

23. Securing Against Advanced Cyber Threats: A Comprehensive Guide to Phishing, XSS, and SQL Injection Defense.

Author

Nair, Sunil Sukumaran

Subjects

INTERNET security, PHISHING, EMPLOYEE training, RISK management in business, SQL

Abstract

In an era dominated by digital connectivity, the proliferation of advanced cyber threats poses a formidable challenge to organizations worldwide. This comprehensive guide delves into the intricacies of safeguarding against three prevalent and insidious threats: Phishing, Cross-Site Scripting (XSS), and SQL Injection. The guide begins by dissecting the anatomy of phishing attacks, exploring the psychological tactics employed by threat actors to manipulate individuals into divulging sensitive information. It provides an in-depth analysis of various phishing techniques and offers practical strategies for both individuals and organizations to fortify their defenses against these deceptive practices. Moving on to XSS vulnerabilities, the guide elucidates the mechanics behind this web application threat. It offers a detailed exploration of how attackers exploit code injection to compromise user data and system integrity. The guide provides a robust framework for developing secure coding practices, implementing web application firewalls, and conducting regular security audits to detect and mitigate XSS vulnerabilities. The third facet of defense focuses on SQL injection, a persistent threat to database-driven applications. The guide elucidates the intricacies of SQL injection attacks, emphasizing the potential impact on data confidentiality and integrity. Practical measures for securing databases, input validation, and the use of parameterized queries are extensively discussed to empower organizations in safeguarding against SQL injection threats. Throughout the guide, a holistic approach to cybersecurity is advocated, emphasizing the integration of technological solutions, employee training, and proactive risk management. Real-world case studies and practical examples enrich the content, providing a valuable resource for security professionals, developers, and decision-makers striving to fortify their digital assets against the ever-evolving landscape of advanced cyber threats. [ABSTRACT FROM AUTHOR]

Published

2024

24. СТРАТЕГІЇ ТА ІННОВАЦІЙНІ ПІДХОДИ ДО ЗАХИСТУ БАЗ ДАНИХ В ЕПОХУ ЗРОСТАЮЧИХ КІБЕРЗАГРОЗ.

Author

Гарасимчук, Олег and Бужович, Оксана

Abstract

In today's digital environment, where databases play a critical role in storing and processing important information for various spheres of human activity, protection against cyber threats becomes an extremely urgent task. This accordingly places new demands and responsibilities on organizations. Modern technologies not only facilitate access to data, but also threaten its confidentiality and integrity. The rapid and ever-growing challenges of cyber secu)rity require the development of effective strategies and innovative approaches to database protection that ensure the reliability and resilience of databases in the face of ever-increasing cyber-attacks and security breaches. The work deals in detail with the organization of effective protection of information stored in databases. The main methods of infor)mation protection in databases are analyzed, in particular data encryption, mechanisms of authentication, access con)trol and monitoring of user activity. Their advantages and disadvantages are defined, as well as the possible conse)quences for data in case of non-compliance with these protection methods. The article highlights the importance of constant monitoring and analysis of user activity for timely detection and response to possible data security threats in the database system. The importance of a comprehensive approach to protection, which takes into account the specifics of a specific organization and allows to ensure an effective level of data security, is emphasized. [ABSTRACT FROM AUTHOR]

Published

2024

25. SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection

Author

Zhiwen Gui, Enze Wang, Binbin Deng, Mingyuan Zhang, Yitao Chen, Shengfei Wei, Wei Xie, and Baosheng Wang

Subjects

SQL injection, large language models, black-box detection, SqliGPT, detection efficiency and accuracy, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

SQL injection (SQLI) black-box detection, which simulates external attack scenarios, is crucial for assessing vulnerabilities in real-world web applications. However, existing black-box detection methods rely on predefined rules to cover the most common SQLI cases, lacking diversity in vulnerability detection scheduling and payload, suffering from limited efficiency and accuracy. Large Language Models (LLMs) have shown significant advancements in several domains, so we developed SqliGPT, an LLM-powered SQLI black-box scanner that leverages the advanced contextual understanding and reasoning abilities of LLMs. Our approach introduces the Strategy Selection Module to improve detection efficiency and the Defense Bypass Module to address insufficient defense mechanisms. We evaluated SqliGPT against six state-of-the-art scanners using our SqliMicroBenchmark. Our evaluation results indicate that SqliGPT successfully detected all 45 targets, outperforming other scanners, particularly on targets with insufficient defenses. Additionally, SqliGPT demonstrated excellent efficiency in executing detection tasks, slightly underperforming Arachni and SQIRL on 27 targets but besting them on the other 18 targets. This study highlights the potential of LLMs in SQLI black-box detection and demonstrates the feasibility and effectiveness of LLMs in enhancing detection efficiency and accuracy.

Published

2024

26. The Effectiveness of Parameterized Queries in Preventing SQL Injection Attacks at Go

Author

Sidik, Rizaldi Fatah, Yutia, Syifa Nurgaida, Fathiyana, Rana Zaini, Appolloni, Andrea, Series Editor, Caracciolo, Francesco, Series Editor, Ding, Zhuoqi, Series Editor, Gogas, Periklis, Series Editor, Huang, Gordon, Series Editor, Nartea, Gilbert, Series Editor, Ngo, Thanh, Series Editor, Striełkowski, Wadim, Series Editor, Sulistiyo, Mahmud Dwi, editor, and Nugraha, Ryan Adhitya, editor

Published

2023

27. Systematic Literature Review of Methods Used for SQL Injection Detection Based on Intelligent Algorithms

Author

Navarro-Cáceres, Juan José, Crespo-Martínez, Ignacio Samuel, Campazas-Vega, Adrián, Guerrero-Higueras, Ángel Manuel, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, García Bringas, Pablo, editor, Pérez García, Hilde, editor, Martínez de Pisón, Francisco Javier, editor, Martínez Álvarez, Francisco, editor, Troncoso Lora, Alicia, editor, Herrero, Álvaro, editor, Calvo Rolle, José Luis, editor, Quintián, Héctor, editor, and Corchado, Emilio, editor

Published

2023

28. A Clustering-Based Approach for Effective Prevention of SQL Injections

Author

Shah, Smit P., Krishna, V. Achyuta, Kartheek, V. L., Gururaj, R., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Tan, Kay Chen, Series Editor, Rao, Udai Pratap, editor, Alazab, Mamoun, editor, Gohil, Bhavesh N., editor, and Chelliah, Pethuru Raj, editor

Published

2023

29. Multi-input MLP and LSTM-Based Neural Network Model for SQL Injection Detection

Author

Sharma, Vishal, Kumar, Sachin, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Shukla, Praveen Kumar, editor, Singh, Krishna Pratap, editor, Tripathi, Ashish Kumar, editor, and Engelbrecht, Andries, editor

Published

2023

30. Comparative Study of Machine Learning Algorithms for Prediction of SQL Injections

Author

Sharma, Vishal, Kumar, Sachin, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Shukla, Praveen Kumar, editor, Singh, Krishna Pratap, editor, Tripathi, Ashish Kumar, editor, and Engelbrecht, Andries, editor

Published

2023

31. SQL Injection and Its Detection Using Machine Learning Algorithms and BERT

Author

Lodha, Srishti, Gundawar, Atharva, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Gupta, Nishu, editor, Pareek, Prakash, editor, and Reis, M.J.C.S., editor

Published

2023

32. Tool-Based Prediction of SQL Injection Vulnerabilities and Attacks on Web Applications

Author

Padmaja, B., Sekhar, G. Chandra, Rama Padmaja, Ch. V., Chandana, P., Krishna Rao Patro, E., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Bhateja, Vikrant, editor, Mohanty, Jnyana Ranjan, editor, Flores Fuentes, Wendy, editor, and Maharatna, Koushik, editor

Published

2023

33. SQL Injection Detection Using Machine Learning with Different TF-IDF Feature Extraction Approaches

Author

Oudah, Mohammed A., Marhusin, Mohd Fadzli, Narzullaev, Anvar, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Al-Emran, Mostafa, editor, Al-Sharafi, Mohammed A., editor, and Shaalan, Khaled, editor

Published

2023

34. ADT-SQLi : An Automated Detection of SQL Injection Vulnerability in Web Applications

Author

Hassan, Md. Maruf, Risha, Rafika, Esha, Ashrafia, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Basu, Subhadip, editor, Kole, Dipak Kumar, editor, Maji, Arnab Kumar, editor, Plewczynski, Dariusz, editor, and Bhattacharjee, Debotosh, editor

Published

2023

35. DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS

Author

Muhammad Fahmi Al Azhar and Ruki Harwahyu

Subjects

static analysis, sql injection, php, codeigniter, Engineering (General). Civil engineering (General), TA1-2040

Abstract

QL Injection attacks are still one type of attack that often occurs in web-based applications. The causes and ways to prevent SQL Injection have been widely explained in various sources. Unfortunately, until now, SQL Injection vulnerabilities are still often found in multiple applications. Web-based application frameworks that already have functions to protect against attacks are often not used optimally. This is inseparable from the role of programmers, who often forget the rules for writing program code to prevent SQL Injection attacks. We conducted this research to detectSQL Injection vulnerabilities in source code using a case study of the PHP CodeIgniter framework. We compared this research with static analysis tools like RIPS, Synopsys Coverity, and Sonarqube. The tool we have developed can detect SQL Injection vulnerabilities that cannot be detected by the two tools with an accuracy of 88.8%. The results of our research can provide suggestions for programmers so that they can improve the code they write.

Published

2023

36. SQL Injection Detection Using RNN Deep Learning Model

Author

Abdulbasit ALAzzawi

Subjects

SQL injection, Recurrent Neural Network (RNN), Deep learning, Classification, Engineering (General). Civil engineering (General), TA1-2040, Technology (General), T1-995

Abstract

SQL injection attacks are a common type of cyber-attack that exploit vulnerabilities in web applications to access databases through malicious SQL queries. These attacks pose a serious threat to the security and integrity of web applications and their data. The existing methods for detecting SQL injection attacks are based on predefined rules that can be easily circumvented by sophisticated attackers. Therefore, there is a need for a more robust and effective method for detecting SQL injection attacks. In this research, we propose a novel method for detecting SQL injection attacks using recurrent neural networks (RNN), which are a type of deep learning model that can capture the syntax and semantic features of SQL queries. We train an RNN model on a dataset of benign and malicious SQL queries, and use it to classify queries as either benign or malicious. We evaluate our method on a benchmark dataset and compare it with the existing rule-based methods. Our experimental results show that our method achieved high accuracy and outperformed the rule-based methods for detecting SQL injection attacks. Our research contributes to the field of web application security by providing a new and effective solution for protecting web applications from SQL injection attacks using deep learning. Our method has both practical and theoretical implications, as it can be easily integrated into existing web application security frameworks to provide an additional layer of protection against SQL injection attacks, and it can also advance the understanding of how deep learning models can be applied to natural language processing tasks such as SQL query analysis.

Published

2023

37. Injections Attacks Efficient and Secure Techniques Based on Bidirectional Long Short Time Memory Model.

Author

Farea, Abdulgbar A. R., Amran, Gehad Abdullah, Farea, Ebraheem, Alabrah, Amerah, Abdulraheem, Ahmed A., Mursil, Muhammad, and Al-qaness, Mohammed A. A.

Subjects

SQL, WEB-based user interfaces, ONLINE banking

Abstract

E-commerce, online ticketing, online banking, and other web-based applications that handle sensitive data, such as passwords, payment information, and financial information, are widely used. Various web developers may have varying levels of understanding when it comes to securing an online application. Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the OpenWeb Application Security Project (OWASP) for its 2017 Top Ten List Cross Site Scripting (XSS). An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws. Many published articles focused on these attacks' binary classification. This article described a novel deep-learning approach for detecting SQL injection and XSS attacks. The datasets for SQL injection and XSS payloads are combined into a single dataset. The dataset is labeledmanually into three labels, each representing a kind of attack. This work implements some pre-processing algorithms, including Porter stemming, one-hot encoding, and the word-embedding method to convert a word's text into a vector. Our model used bidirectional long short-term memory (BiLSTM) to extract features automatically, train, and test the payload dataset. The payloads were classified into three types by BiLSTM: XSS, SQL injection attacks, and normal. The outcomes demonstrated excellent performance in classifying payloads into XSS attacks, injection attacks, and non-malicious payloads. BiLSTM's high performance was demonstrated by its accuracy of 99.26%. [ABSTRACT FROM AUTHOR]

Published

2023

38. Detecting Structured Query Language Injections in Web Microservices Using Machine Learning

Author

Edwin Peralta-Garcia, Juan Quevedo-Monsalbe, Victor Tuesta-Monteza, and Juan Arcila-Diaz

Subjects

SQL injection, machine learning, web applications, microservices, detection, Information technology, T58.5-58.64

Abstract

Structured Query Language (SQL) injections pose a constant threat to web services, highlighting the need for efficient detection to address this vulnerability. This study compares machine learning algorithms for detecting SQL injections in web microservices trained using a public dataset of 22,764 records. Additionally, a software architecture based on the microservices approach was implemented, in which trained models and the web application were deployed to validate requests and detect attacks. A literature review was conducted to identify types of SQL injections and machine learning algorithms. The results of random forest, decision tree, and support vector machine were compared for detecting SQL injections. The findings show that random forest outperforms with a precision and accuracy of 99%, a recall of 97%, and an F1 score of 98%. In contrast, decision tree achieved a precision of 92%, a recall of 86%, and an F1 score of 97%. Support Vector Machine (SVM) presented an accuracy, precision, and F1 score of 98%, with a recall of 97%.

Published

2024

39. An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection.

Author

Stiawan, Deris, Bardadi, Ali, Afifah, Nurul, Melinda, Lisa, Heryanto, Ahmad, Septian, Tri Wanda, Idris, Mohd Yazid, Subroto, Imam Much Ibnu, Lukman, and Budiarto, Rahmat

Subjects

SQL, DATA modeling, INFORMATION resources management, MULTIPLE correspondence analysis (Statistics), DATA management

Abstract

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short-Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM's Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks' patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM's Input Gate assists in finding out crucial information and stores specific relevant data in the memory. [ABSTRACT FROM AUTHOR]

Published

2023

40. A systematic review of detection and prevention techniques of SQL injection attacks.

Author

Nasereddin, Mohammed, ALKhamaiseh, Ashaar, Qasaimeh, Malik, and Al-Qassas, Raad

Subjects

*SQL, *DATABASES, *WEB-based user interfaces, *RESEARCH questions

Abstract

SQL injection is a type of database-targeted attack for data-driven applications. It is performed by inserting malicious code in the SQL query to alter and modify its meaning, enabling the attacker to retrieve sensitive data or to access the database. Many techniques have been improved and proposed to detect and mitigate these types of attacks. This paper provides a systematic review for a pool of 60 papers on web applications' SQL injection detection methods. The pool was selected using a developed searching and filtering methodology for the existing literature based on scholar databases (IEEE, ScienceDirect, and Springer) with the aim to provide specific answering for several research questions in the area of SQL injection detection. This provides a basis for the design and use of effective SQL injection detection methods. [ABSTRACT FROM AUTHOR]

Published

2023

41. Web Entity Protection System.

Author

Yadav, Saurabh, Rangroo, Tushar, M., Nishanth, Revankar, Suhan B., and D., Annapurna

Subjects

GOVERNMENT information, SECURITY systems, WEB-based user interfaces

Abstract

Cyber-attacks can be extremely dangerous for not only organizations, but the nation too. These attacks if not controlled at early stages will have a severe impact on the economy. The increase in the number of attacks has made security measures mandatory. They include personal information, property, government information theft, Denial of Service, Infrastructure damage etc. This paper aims at Identifying potential vulnerabilities in a web facing entity and suggesting recommendations or patches to fix it. The main reason and goal of the project is to improvise web apps security before it is deployed and made available for public use. The user / developer can use and perform automated scans to detect possible vulnerabilities, store detailed information obtained from them for further analysis and also suggest possible countermeasures if within scope. This aims to help a non-security person or a very small startup with minimal knowledge on security practices to detect presence of vulnerabilities in their product and mitigate them before a hacker takes advantage of vulnerability by exploiting the same. This serves more like a pre-deployment tool. [ABSTRACT FROM AUTHOR]

Published

2023

42. A Comparative Analysis of Web Application Vulnerability Tools.

Author

Lainez Garcia, Susana Paola, Abraham, Amy S., Kepic, Kristina, and Cankaya, Ebru Celikel

Subjects

WEB-based user interfaces, COMPUTER network security, ARTIFICIAL intelligence, INFORMATION technology, PROJECT management

Abstract

Considering the perpetual need for security in network platforms, this study investigates various penetration testing tools in the abundance of options when it comes to network security. This study presents the experimental run results of select penetration testing tools on deliberately vulnerable network traffic, as well as the comparison of those tools. We test three vulnerability assessment tools: ZAP, Vega and Arachni as part of this research in the hope to provide current and practical data for the research community in the network security field. Our choice of vulnerability testing tools is based on the following criteria: being current, usability, reliability (stability), and performance w.r.t speed. Our results demonstrate that each vulnerability assessment tool depicts its own advantages and disadvantages by being better at one or more criteria than the others, but not prevailing in all. This, in turn, suggests that choosing a penetration tool to employ for testing the vulnerability web applications is a challenging decision that should consider multiple parameters, rather than being merely straightforward. [ABSTRACT FROM AUTHOR]

Published

2023

43. AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Author

Nisrean Thalji, Ali Raza, Mohammad Shariful Islam, Nagwan Abdel Samee, and Mona M. Jamjoom

Subjects

Autoencoder optimization, deep learning, feature engineering, machine learning, SQL injection, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Structured Query Language (SQL) injection attacks represent a critical threat to database-driven applications and systems, exploiting vulnerabilities in input fields to inject malicious SQL code into database queries. This unauthorized access enables attackers to manipulate, retrieve, or even delete sensitive data. The unauthorized access through SQL injection attacks underscores the critical importance of robust Artificial Intelligence (AI) based security measures to safeguard against SQL injection attacks. This study’s primary objective is the automated and timely detection of SQL injection attacks through AI without human intervention. Utilizing a preprocessed database of 46,392 SQL queries, we introduce a novel optimized approach, the Autoencoder network (AE-Net), for automatic feature engineering. The proposed AE-Net extracts new high-level deep features from SQL textual data, subsequently input into machine learning models for performance evaluations. Extensive experimental evaluation reveals that the extreme gradient boosting classifier outperforms existing studies with an impressive k-fold accuracy score of 0.99 for SQL injection detection. Each applied learning approach’s performance is further enhanced through hyperparameter tuning and validated via k-fold cross-validation. Additionally, statistical t-test analysis is applied to assess performance variations. Our innovative research has the potential to revolutionize the timely detection of SQL injection attacks, benefiting security specialists and organizations.

Published

2023

44. Provably throttling SQLI using an enciphering query and secure matching

Author

Mohammed Abdulridha Hussain, Zaid Alaa Hussien, Zaid Ameen Abduljabbar, Junchao Ma, Mustafa A. Al Sibahee, Sarah Abdulridha Hussain, Vincent Omollo Nyangaresi, and Xianlong Jiao

Subjects

SQL injection, Cryptography, Searchable encryption, Web application, Internet Security, Electronic computers. Computer science, QA75.5-76.95

Abstract

Web applications, which dominate the internet, act as communication media between customers and service providers. Web applications are an internet innovation that provide customer services such as e-banking, e-commerce and e-booking. Developing web applications has become increasingly complicated because of security threats and service issues that involve valuable information. Attack methods such as structured query language (SQL) injection insert malicious code within user input data requests to gain unauthorised access, and then the attacker targets a database to manipulate information. In this paper, we propose a prevention method against SQL injection attacks through cryptography and searchable encryption. The proposed method uses a cryptography technique to encrypt all database information, where each piece of user information is encrypted with a separate key. The rest of the database information is ciphered with secret keys, and a searchable encryption technique is used for other database operations to preserve privacy. The login process compares the ciphered username from the database and user entry to authenticate the user. The proposed method is implemented on the PHP and MySQL databases, which are open-source applications. The results show efficient prevention of SQL injection, and the database remains protected against SQL injection attacks

Published

2022

45. Vulnerability Scanner: Web-based Security Testing.

Author

ANDRONESCU, Andrei-Daniel, BRĂSLAȘU, Ioana-Ilona, and NĂSTAC, Dumitru-Iulian

Subjects

INTERNET security, TECHNOLOGICAL innovations, COMPUTER software, COMPUTER crimes, WEB-based user interfaces

Abstract

As the use of internet-based software increased, cybersecurity has emerged as a major issue in the current world. The fast-paced technology innovations allowed most companies to scale their business, consumers to access easier their favorite products, thus increasing the reliance on web-based software. The importance of web security cannot be emphasized given the increase in cybercrime and the damage it poses to businesses, people, and governments. This paper proposes an automated solution capable of detecting and exploiting common vulnerabilities found on web-based software, this being done without performing any malicious intended operations. By using software capable of automatically detecting the means a client could communicate with a server, users can ensure that a thorough verification is done on their web-applications, revealing the blind spots that developers may have overlook. [ABSTRACT FROM AUTHOR]

Published

2023

46. A SQL Injection Attack Recognition Model Based on 1D Convolutional Neural Network

Author

Jiang, Jing, Xu, Menghan, Pan, Sen, Zhu, Lipeng, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Yang, Shuo, editor, and Lu, Huimin, editor

Published

2022

47. Deep Learning Approach Based on ADASYN for Detection of Web Attacks in the CICIDS2017 Dataset

Author

Singh, Kuljeet, Mahajan, Amit, Mansotra, Vibhakar, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rathore, Vijay Singh, editor, Sharma, Subhash Chander, editor, Tavares, Joao Manuel R.S., editor, Moreira, Catarina, editor, and Surendiran, B., editor

Published

2022

48. SQL Injection Attacks, Detection Techniques on Web Application Databases

Author

Singh, Navdeep, Tiwari, Preeti, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rathore, Vijay Singh, editor, Sharma, Subhash Chander, editor, Tavares, Joao Manuel R.S., editor, Moreira, Catarina, editor, and Surendiran, B., editor

Published

2022

49. Research on SQL Injection Defense Technology Based on Deep Learning

Author

Shi, Weiyu, Liu, Xiaoqian, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sun, Xingming, editor, Zhang, Xiaorui, editor, and Xia, Zhihua, editor

Published

2022

50. Detecting SQL Injection Vulnerabilities Using Nature-inspired Algorithms

Author

Baptista, Kevin, Bernardino, Anabela Moreira, Bernardino, Eugénia Moreira, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Groen, Derek, editor, de Mulatier, Clélia, editor, Paszynski, Maciej, editor, Krzhizhanovskaya, Valeria V., editor, Dongarra, Jack J., editor, and Sloot, Peter M. A., editor

Published

2022