
Case Study: SQL Injection Vulnerabilities Assessment

This document discusses a case study assessing SQL injection vulnerabilities in web applications in Bangladesh. It explores how SQL injection attacks work by inserting malicious input into databases through web applications using SQL queries. While many techniques have been introduced to prevent SQL injection and other vulnerabilities, they remain a threat. The paper analyzes SQL injection techniques used on Bangladeshi web applications, using a black box testing approach to test for vulnerabilities involving GET and POST requests.

Case study: SQL injection vulnerabilities assessment

Web applications provide a friendly interface and easy accessibility at any time. As the popularity of web
applications increases, it is bringing billions of dollars in annual revenue [1]. Various government and
private organizations have started to launch web application services in Bangladesh, such as
financial transaction and information sharing services. Though launching a web application for each
service has become a trend, the security aspects are not considered as seriously. This places the
companies and the users of the applications at serious security risk. Security issues arise based on the
platform and structure of the web applications. Web applications are associated with a back-end database for
storing and retrieving real-time data. Users provide input through the web application to retrieve output
from the database. Structured Query Language (SQL) is used to retrieve data from the database [3]. Intruders
violate the relation between application and database by inserting unauthorized data and thus
prompting the database to act maliciously [2]. This process of inserting malicious and unchecked
input into the database is known as a SQL injection (SQLi) attack [4]. Another attack that follows a similar
process is cross-site scripting (XSS). SQLi and XSS are a potential threat to all database-driven web
applications [8], [5]. Over the past few years there has been plenty of research in this field of
web application security, covering the types of attack and the vulnerabilities behind them. Various techniques and firewalls have been
introduced to prevent SQLi and XSS vulnerabilities [6], [7]. Yet these vulnerabilities remain a threat to web
applications. This paper explores the SQLi vulnerabilities that exist in the web applications of Bangladesh. It
presents an analysis of user-input based SQLi techniques implemented on the web applications. The
black box approach is used for testing purposes. GET- and POST-based SQLi techniques have been
considered for analysis purposes [8]. This paper is organized as follows. We start by describing SQL, the various
kinds of SQLi, and GET- and POST-based SQLi. In section 3 we explain our research methodology. In section 4 we
describe the steps of SQLi we used during the research. In section 5 we discuss our findings from this
research. We then conclude in section 6.
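
The GET and POST input paths described above, as an added example that is not part of the paper: using Python's standard sqlite3 module, the same unchecked value arrives once in a query string and once in a form body, changes the meaning of a concatenated query, and stays plain data when passed as a bound parameter. The table, request line, request body and function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Constructed in-memory table standing in for the back-end database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 310)])
    return db

def param_from_get(request_line, name):
    """Pull one parameter from the query string of a GET request line."""
    _method, target, _version = request_line.split(" ")
    return parse_qs(urlsplit(target).query).get(name, [""])[0]

def param_from_post(body, name):
    """Pull one parameter from an application/x-www-form-urlencoded POST body."""
    return parse_qs(body).get(name, [""])[0]

def lookup_unchecked(db, owner):
    """Vulnerable: user input is concatenated into the SQL text."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    """Hardened: input is passed as a bound parameter and stays data."""
    return db.execute("SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)).fetchall()

# Constructed requests: the same crafted value arrives once by GET, once by POST.
CRAFTED = "x' OR '1'='1"
GET_LINE = "GET /balance?owner=x%27%20OR%20%271%27%3D%271 HTTP/1.1"
POST_BODY = "owner=x%27+OR+%271%27%3D%271"

def run():
    """Return {channel: (decoded input, rows from unchecked query, rows from bound query)}."""
    db = make_db()
    results = {}
    for channel, value in (("GET", param_from_get(GET_LINE, "owner")),
                           ("POST", param_from_post(POST_BODY, "owner"))):
        results[channel] = (value, len(lookup_unchecked(db, value)), len(lookup_bound(db, value)))
    return results

if __name__ == "__main__":
    for channel, (value, unchecked, bound) in run().items():
        print(f"{channel}: input={value!r} unchecked_rows={unchecked} bound_rows={bound}")
```

Both channels feed the same query, so the fix belongs at the point where the SQL is built, not in per-channel input handling.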

http://ieeexplore.ieee.org/document/7491565/
