A Case Study of SQL Injection Vulnerabilities Assessment of .bd Domain Web Applications

Delwar Alam, Md Alamgir Kabir, Touhid Bhuiyan, Tanjila Farah

Research output: Contribution to conference › Conference paper

10 Citations (Scopus)

Abstract

Web applications or services play an important role in present day-to-day life. They have an impact on the development of both an individual and a country. Easy access to services such as online education, banking, reservation, shopping, resources, and information sharing has been proven most efficient for everyday life. Various government and private organizations of Bangladesh have started to use web services to support clients. Most of the web applications of Bangladesh are registered with the .bd domain and developed using a content management system (CMS), various scripting languages and an SQL or MySQL database. Web applications are a popular target for web attackers. However, the security issues of the .bd domain web applications are not looked upon appropriately as of yet. One of the most attacked vulnerabilities of database-driven web applications is SQL injection or SQLi. SQLi through URL and user-input fields is extremely high risk in current web-based applications. Restricting user access to URL and user-input fields defies the purpose of web applications. However, unrestricted user access exposes the vulnerable fields to web attacks. To prevent these exploitations it is essential to have knowledge of the vulnerabilities adversaries use to exploit the web applications. This paper presents an evaluation and analysis of SQLi vulnerabilities present in the existing web applications of the .bd domain using a black box penetration testing approach. User-input-based SQLi has been used for evaluation.

Original language: English
Pages: 73-77
Number of pages: 5
Publication status: Published - 14 Jun 2016
Externally published: Yes
Event: Proceedings - 4th International Conference on Cyber Security, Cyber Warfare, and Digital Forensics, CyberSec 2015
Duration: 14 Jun 2016 → …

Conference

Conference: Proceedings - 4th International Conference on Cyber Security, Cyber Warfare, and Digital Forensics, CyberSec 2015
Period: 14/06/16 → …

Keywords

  • Browsers
  • Databases
  • SQLi
  • Syntactics
  • Uniform resource locators
  • Vulnerability
  • Web applications
  • Web servers
  • get and post based SQLi
