SQL Pen-Testing framework for Cyber Security : A Review

Authors

  • Ravi Nayak, Research Scholar, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India
  • Dr. Priyanka Sharma, Professor, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India

Keywords:

SQL, Penetration Testing, SQL Injection

Abstract

Cyber security is a major concern in modern life. Web applications are not secured, and bugs or vulnerabilities exist in them. The major attack against web applications is the injection attack, among which SQL injection has a high priority. In this paper, we propose steps for penetration testing of SQL injection to measure or detect attacks such as SQL Manipulation, Code Injection, Function Call Injection, Buffer Overflow, Error Based SQL Injection and Blind SQL Injection.

Published

2017-12-31

Section

Research Articles

How to Cite

[1] Ravi Nayak, Dr. Priyanka Sharma, "SQL Pen-Testing framework for Cyber Security : A Review", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 6, pp.970-972, November-December-2017.