Secured web application using combination of Query Tokenization and Adaptive Method in preventing SQL Injection Attacks

Othman, Noor Ashitah Abu; Ali, Fakariah Hani Mohd; Noh, Mashyum Binti Mohd

doi:10.1109/i4ct.2014.6914229

Cited by 4 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The sensitive information is exposed during the authentication process as the communication session between client and the OpenStack controller is using HTTP protocol which is not encrypted [22]. Even though the dashboard may have input filtering feature which may prevent a web based attack such as SQL injection [25], based on the experiment result it does not protect user credential data from eavesdropping. This shows that method use in this paper can effectively detect data leakage which occurs on the cloud platform and its infrastructure.…”

Section: Cloud Dashboard Authentication Experiments Resultsmentioning

confidence: 99%

Data Leakage Detection in Cloud Computing Platform

Ariffin¹

2019

IJATCSE

View full text Add to dashboard Cite

The popularity of Cloud Computing technology has made it a norm for IT deployment in enterprise, education and government sectors. But technologies in the cloud such as hypervisor or web-based dashboard have vulnerabilities which can potential cause data leakage. The impact of data leakage is huge, data leak incident at a firm such as Exactis cause 340 million of customer record being exposed. Moreover, the incident lead to financial loss, reputational damage, loss of customer trust and compliance issue to the firm. Therefore, there is a need to address the threat of data leakage in cloud computing platform. This paper presents the topic of data leakage detection in cloud computing platform. First we will discuss about the threat of data leakage during VM migration process and web dashboard authentication in cloud computing platform. To detect the data leakage, this paper proposes a method which involves performing packet capture on the platform. To demonstrate the method, this paper will simulate the threats and verify the data leakage. The results show that data leakage can be detected and verified effectively using the method when cloud management traffic is not encrypted.

show abstract

Section: Cloud Dashboard Authentication Experiments Resultsmentioning

confidence: 99%

Data Leakage Detection in Cloud Computing Platform

Ariffin¹

2019

IJATCSE

View full text Add to dashboard Cite

show abstract

“…In any secure system, password privacy is very crucial; this will cause security issue to the cloud platform as it could lead to data breach, privacy issues and session hijacking. Even if the web interface has mechanism to filter input to prevent SQL injection [28], it may not able to address security on cloud API due to eavesdropping if the packet was not encrypted.…”

Section: Discussionmentioning

confidence: 99%

API Vulnerabilities In Cloud Computing Platform: Attack And Detection

Ariffin¹,

Ibrahim²,

Kasiran³

2020

IJETT

View full text Add to dashboard Cite

Nowadays most of cloud management software such as OpenStack and CloudStack provide an API to facilitate the communication and exchange of data between users, application, cloud components and infrastructure. Due to complexity of cloud management software implementation, the provided API has vulnerabilities which can be exploited by malicious party. Once exploited, it can cause security issue and disrupt the availability of services running on the cloud infrastructure. Hence; it is importance to address cloud API security by identifying potential threats, demonstrating how such threats could be exploited and how to detect such threat. This paper presents the topic of API Vulnerabilities in Cloud Computing Platform: Attack and Detection. We will discuss the vulnerabilities of the API in cloud management software. Based on these vulnerabilities, this paper will demonstrate how eavesdropping on cloud API authentication services and API exhaustion attack can be initiated. To address the threat due to the vulnerabilities of the API, we need to detect attack which exploits the vulnerabilities. Thus this paper also proposes and demonstrates methods to detect such attack effectively. Method to detect ongoing API exhaustion attack will be based on AD3 algorithm. From the experiments result, it shows that attacks on the cloud platform AP can be detected effectively.

show abstract

“…(Lee, Low, & Wong, 2002). Most of IDSs focus on monitoring IP and Network layer of Internet protocol and are not effectively detected SQLIA which is executed on Application layer of Internet protocol shown in Figure 2.4 (Othman, Ali, Noh, & Alam, 2014). Besides, SQLIA is difficult to detect and prevent as it has many types, approaches and various evading SQLIA detection and prevention techniques (Joshi & Geetha, 2014).…”

Section: Concepts and Definitionmentioning

confidence: 99%

Exploring Defense of SQL Injection Attack in Penetration Testing

Zhu

Yan

2017

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

SQLIA is adopted to attack websites with and without confidential information.Hackers utilize the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims always are not aware of that their confidential information has been compromised for a long time.The contributions of this thesis are: (1) systematically explore SQLIA, SQLIA prevention in theory; (2)

show abstract

Secured web application using combination of Query Tokenization and Adaptive Method in preventing SQL Injection Attacks

Cited by 4 publications

References 7 publications

Data Leakage Detection in Cloud Computing Platform

Data Leakage Detection in Cloud Computing Platform

API Vulnerabilities In Cloud Computing Platform: Attack And Detection

Exploring Defense of SQL Injection Attack in Penetration Testing

Contact Info

Product

Resources

About