Abstract
The Internet has become very important today and a large part of everyday life, so it is vital to focus on security for web applications and mobile services, so as to protect electronic commerce, electronic government, social media and all electronic services that transfer information through it. News reports of attacks on services are frequent. Hackers use vulnerabilities in software or hardware to destroy services, and one of the common vulnerabilities is SQL injection. This vulnerability comes down to poor coding practices of junior programmers writing SQL dynamics at the back end. This paper creates a case study that considers two scenarios using ASP.NET 2015 and SQL Server 2014. In the first scenario, we check whether SQL injection exists or not, then make an SQL injection from the front end and add it to the SQL statement that exists at the back end. Then we hack the website. In the second scenario, we attempt to create a solution to protect this website. The research paper confirms that SQL injection already exists in ASP.NET 2015 (web form) and SQL Server 2014.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Sharpened Productions Web Application (2016). http://techterms.com/definition/web_application
Investintech.com Inc.: What is a Web Application (2016). http://www.investintech.com/content/webapplication/
Whitman, M., Mattord, H.J.: Principles of Information Security, 4th edn. Cengage, Boston (2012)
Clark, J., Alvarez, R.M., Hartley, D., Hemler, J., Kornbrust, A., Meer, H., O’Leary-Steele, G., Revelli, A., Slaviero, M., Stuttard, D.: SQL Injection Attacks and Defense United States of America (2009)
Rolston, B.: Attack Methodology Analysis: SQL Injection Attacks. US-CERT Control Systems Security Center, Idaho Falls (2005)
Shegokar, A.M., Manjaramkar, A.K.: A survey on SQL injection attack, detection and prevention techniques. Int. J. Comput. Sci. Inf. Technol. 5(2), 2553–2555 (2014). ISSN 0975-9646,2014/05
Alrajhi, M., Alothman, M., Aldosari, A., Othman, A.: Understanding and Discovering SQL Injection Vulnerabilities and Countermeasures. NAUSS (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Sarhan, A.A., Farhan, S.A., Al-Harby, F.M. (2018). Understanding and Discovering SQL Injection Vulnerabilities. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-60585-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: EngineeringEngineering (R0)