SQL Injection Attacks Prevention System Technology: Review

Kareem, Fairoz Q.; Ameen, Siddeeq Y.; Salih, Azar Abid; Ahmed, Dindar Mikaeel; Kak, Shakir Fattah; Yasin, Hajar Maseeh; Ibrahim, Ibrahim Mahmood; Ahmed, Awder Mohammed; Rashid, Zryan Najat; Omar, Naaman

doi:10.9734/ajrcos/2021/v10i330242

Cited by 24 publications

(5 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…QR code dapat digunakan dalam beberapa jenis serangan yang berbeda seperti social engineering [8] dan serangan proses otomatis. Serangan proses otomatis dijalankan dengan mengeksploitasi kerentanan SQL injection, command injection, serta serangan Cross-Site Scripting (XSS) [9]. Dalam makalah ini, dijelaskan kerentanan smartphone berkaitan dengan QR code, seluk-beluk QR code dan bagaimana hal itu dimanfaatkan sebagai vektor serangan oleh intruder.…”

Section: Pendahuluanunclassified

Desain Arsitektur Aplikasi Qr Code Sebagai Anti Phishing Serangan Qr Code

Slamet

2023

SPIRIT

View full text Add to dashboard Cite

QR Codes are very vulnerable to falsification because it is difficult to distinguish the original QR Code from a fake QR Code. Because of this vulnerability, the scanning process on fake QR Codes can direct users to dangerous sites with important information or data from the user. To assess QR Code security vulnerabilities and actions using a secure Application-based QR Code Architecture as Anti Phishing against QR Code attacks using hash functions and digital signatures. In experiments simulated attack types to malicious QR codes that redirect users to phishing sites. The real URL is disguised into the QR Code, where the user does not suspect, the URL is redirected to the fake site. As a result, intruders can easily use QR codes as vectors for phishing attacks targeted at smartphone users, even if they are using a browser that has security features.

show abstract

Section: Pendahuluanunclassified

Desain Arsitektur Aplikasi Qr Code Sebagai Anti Phishing Serangan Qr Code

Slamet

2023

SPIRIT

View full text Add to dashboard Cite

show abstract

“…Salah satu jenis cyber attack yang sering digunakan adalah SQL injection. Kerentanan SQL injection membahayakan perlindungan situs web individu dan seluruh infrastruktur database dan jaringan sistem yang menampung aplikasi terkait [5]. Serangan injeksi SQL, biasanya terjadi ketika penyerang mengubah, menghapus, membaca, dan menyalin data dari server basis data dan termasuk serangan aplikasi web yang paling merusak [3].…”

Section: Pendahuluanunclassified

Perbandingan Tools SQL Sus, SQL Ninja, Dan the Mole Dalam Penerapan SQL Injection

Ekayanti

Cintiya

Suartana

et al. 2022

JINTEKS

View full text Add to dashboard Cite

In this modern era, the rapid development of science and technology is certainly very beneficial for human life. However, this development can also bring threats, such as cyber attacks. One type of cyber attack that is often used is SQL injection, which targets database security. Three tools that can be used in testing SQL injection are SQL sus, SQL ninja, and The mole. Testing these three tools uses two operating systems, that is Kali Linux and Windows. The test results are measured based on several parameters, namely, the speed of the tool in responding to commands, the number of stages in its application, the features contained therein, and its efficiency. Based on the test results, it is known that only the sus SQL tool successfully injected a website, while the other two tools failed.

show abstract

“…One of the toughest problems faced by web owners is ensuring that the web server is safe from attacks and misuse (8,9). According to Open Web Application Security Project (OWASP) top 10 (10) SQL injection (SQLi) is one of the most numerous and common attacks that attacks database servers (11) and compromises server services such as: confidentiality, authentication, authorization and integrity (12,13). This technique is commonly used to exploit web-based applications (14,15).…”

Section: Introductionmentioning

confidence: 99%

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Fadlil,

Riadi,

Mu’min

2024

IJE

View full text Add to dashboard Cite

SQL injection (SQLi) is one of the most common attacks against database servers and has the potential to threaten server services by utilizing SQL commands to change, delete, or falsify data. In this study, researchers tested SQLi attacks against websites using a number of tools, including Whois, SSL Scan, Nmap, Open Web Application Security Project (OWASP) Zap, and SQL Map. Then, researchers identified SQLi vulnerabilities on the tested web server. Next, researchers developed and implemented mitigation measures to protect the website from SQLi attacks. Test results using OWASP Zap identified 14 vulnerabilities, with five of them at a medium level of 35%, seven at a low level of 50%, and two at an informational level of 14%. Meanwhile, testing using SQL Map succeeded in gaining access to the database and username on the web server. The next step in this research is to provide recommendations for installing a firewall on the website as a mitigation measure to reduce the risk of SQLi attacks. The main contribution of this research is the development of a structured methodology to identify and address SQLi vulnerabilities in web servers, which play an important role in maintaining data security and integrity in a rapidly evolving online environment.

show abstract

SQL Injection Attacks Prevention System Technology: Review

Cited by 24 publications

References 67 publications

Desain Arsitektur Aplikasi Qr Code Sebagai Anti Phishing Serangan Qr Code

Desain Arsitektur Aplikasi Qr Code Sebagai Anti Phishing Serangan Qr Code

Perbandingan Tools SQL Sus, SQL Ninja, Dan the Mole Dalam Penerapan SQL Injection

Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework

Contact Info

Product

Resources

About