2021
DOI: 10.30630/joiv.5.3.470

Web Application Penetration Testing Using SQL Injection Attack

Abstract: A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, making it challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This res…

Cited by 14 publications (3 citation statements)
References: 13 publications
“…Also, [19] stated that 80 percent of the websites that underwent normal testing still had vulnerabilities to SQL injection attacks, indicating that this significant threat exists for web applications. Attackers can gain access to private data, including databases, through flaws in web programs.…”
Section: OWASP Top 10 (mentioning)
confidence: 99%
“…Not handling special sign characters, such as single quotes (') or double minuses (−), which might enable an application to inject SQL instructions, is what leads to SQL injection, which allows an attacker to input SQL commands into a parameter or form [19]. Additional harmful attacks that SQL injections can carry out include updating, deleting, and inserting data by executing server-side commands that can take and install malicious software such as viruses, exporting valuable information such as emails and passwords to the attacker's remote server, and obtaining user login information [20].…”
Section: SQL Injection (mentioning)
confidence: 99%
“…The Open Web Application Security Project (OWASP) puts SQL injection as the top 10 vulnerabilities [5]. The list order of the top 10 vulnerabilities is SQL Injection, broken authentication, sensitive data exposure, XML external entities (XXE), broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring [6], [7]. Furthermore, phishing typically uses fake emails to trick targets into visiting malicious links [8].…”
Section: Introduction (mentioning)
confidence: 99%