SQLi penetration testing of financial Web applications: Investigation of Bangladesh region

Tanjila Farah, Delwar Alam, Md Alamgir Kabir, Touhid Bhuiyan

Research output: Contribution to conference (Conference paper)

8 Citations (Scopus)

Abstract

Business-critical web applications are the most popular services that the financial sector provides to its clients. These applications bring handsome revenue to the financial industry every year. These services are also a frequent target of attackers. Poor coding practices leave applications with vulnerabilities that attackers exploit. Information and privileges such as access to databases, admin authorization, and access to data could be retrieved through exploitation. Providing services through web applications makes exploitation easier, as they can be accessed from anywhere in the world. Web-based financial services are a comparatively new concept in Bangladesh; thus the security aspects of these applications are less explored. This paper presents an analysis of a few basic security issues of the financial web applications of Bangladesh. It focuses on the structured query language injection (SQLi) vulnerability. It presents a manual black-box penetration testing approach for testing the financial web applications. The same steps are used for testing all the web applications in the dataset. A vulnerability analysis of the findings collected during the penetration testing is also presented in the paper.
Original language: English
Pages: 146-151
Number of pages: 6
Publication status: Published - 16 Dec 2015
Externally published: Yes
Event: 2015 World Congress on Internet Security, WorldCIS 2015
Duration: 16 Dec 2015 → …

Conference

Conference: 2015 World Congress on Internet Security, WorldCIS 2015
Period: 16/12/15 → …

Keywords

  • Financial web application
  • SQLi
  • black box testing
  • penetration testing
