SQL Pen-Testing framework for Cyber Security : A Review

Authors: Ravi Nayak, Dr. Priyanka Sharma

Cyber security is a major concern in modern life. Web applications are not secure, and bugs or vulnerabilities exist in them. The major attack on web applications is the injection attack, among which SQL injection has a high priority. In this paper, we propose steps for penetration testing of SQL injection to measure or detect attacks such as SQL Manipulation, Code Injection, Function Call Injection, Buffer Overflow, Error Based SQL Injection and Blind SQL Injection.

Authors and Affiliations

Ravi Nayak
Research Scholar, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India
Dr. Priyanka Sharma
Professor, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India

Keywords: SQL, Penetration Testing, SQL Injection

Publication Details

Published in : Volume 2 | Issue 6 | November-December 2017
Date of Publication : 2017-12-31
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 970-972
Manuscript Number : CSEIT1726274
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

Ravi Nayak, Dr. Priyanka Sharma, "SQL Pen-Testing framework for Cyber Security : A Review", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 6, pp.970-972, November-December-2017.