Skip to main content
SpringerLink
Log in
Book cover

International Conference on Applied Human Factors and Ergonomics

AHFE 2017: Advances in Human Factors in Cybersecurity pp 45–51Cite as

Understanding and Discovering SQL Injection Vulnerabilities

  • Conference paper
  • First Online:

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 593))

Abstract

The Internet has become very important today and a large part of everyday life, so it is vital to focus on security for web applications and mobile services, so as to protect electronic commerce, electronic government, social media and all electronic services that transfer information through it. News reports of attacks on services are frequent. Hackers use vulnerabilities in software or hardware to destroy services, and one of the common vulnerabilities is SQL injection. This vulnerability comes down to poor coding practices of junior programmers writing SQL dynamics at the back end. This paper creates a case study that considers two scenarios using ASP.NET 2015 and SQL Server 2014. In the first scenario, we check whether SQL injection exists or not, then make an SQL injection from the front end and add it to the SQL statement that exists at the back end. Then we hack the website. In the second scenario, we attempt to create a solution to protect this website. The research paper confirms that SQL injection already exists in ASP.NET 2015 (web form) and SQL Server 2014.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Sharpened Productions Web Application (2016). http://techterms.com/definition/web_application

  2. Investintech.com Inc.: What is a Web Application (2016). http://www.investintech.com/content/webapplication/

  3. Whitman, M., Mattord, H.J.: Principles of Information Security, 4th edn. Cengage, Boston (2012)

    Google Scholar 

  4. Clark, J., Alvarez, R.M., Hartley, D., Hemler, J., Kornbrust, A., Meer, H., O’Leary-Steele, G., Revelli, A., Slaviero, M., Stuttard, D.: SQL Injection Attacks and Defense United States of America (2009)

    Google Scholar 

  5. Rolston, B.: Attack Methodology Analysis: SQL Injection Attacks. US-CERT Control Systems Security Center, Idaho Falls (2005)

    Google Scholar 

  6. Shegokar, A.M., Manjaramkar, A.K.: A survey on SQL injection attack, detection and prevention techniques. Int. J. Comput. Sci. Inf. Technol. 5(2), 2553–2555 (2014). ISSN 0975-9646,2014/05

    Google Scholar 

  7. Alrajhi, M., Alothman, M., Aldosari, A., Othman, A.: Understanding and Discovering SQL Injection Vulnerabilities and Countermeasures. NAUSS (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Naif Arab University for Security Sciences, Riyadh, Saudi Arabia

    Abdullaziz A. Sarhan, Shehab A. Farhan & Fahad M. Al-Harby

Authors
  1. Abdullaziz A. Sarhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shehab A. Farhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fahad M. Al-Harby
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Abdullaziz A. Sarhan .

Editor information

Editors and Affiliations

  1. Soar Technology, Inc., Belle Isle, Florida, USA

    Denise Nicholson

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Sarhan, A.A., Farhan, S.A., Al-Harby, F.M. (2018). Understanding and Discovering SQL Injection Vulnerabilities. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-60585-2_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60584-5

  • Online ISBN: 978-3-319-60585-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation