SQL Injection Testing in Web Applications Using SQLmap
Author(s): AXINTE, Sabina-Daniela
Author(s) keywords: penetration testing, security, SQL Injection, SQLmap, vulnerability
Reference keywords: cyber-attacks, information security
Abstract:
SQL Injection (SQLI) is a penetration technique used to gain unauthorized direct access to data on the database server through a Web application that is authorized to connect to it. Malicious SQL code can be introduced in entry fields, and the database can reply with unapproved information such as clients' usernames and passwords. An analytical overview of this technique and of the associated methods, tools and prevention actions is presented. A step-by-step example of an SQL Injection implementation, with results, is developed in order to understand how to increase the security of website applications.
References:
[1]. OWASP Top Ten Project, (2014, Sep. 10) [Online]. Available: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
[2]. I.-C. Mihai, Information Security, Sitech Publishing, 2012.
[3]. J. Clarke, K. Fowler, E. Oftedal, and R.M. Alvarez, “SQL Injection Attacks and Defense”, Second Edition, Syngress, USA, 2012.
[4]. Understanding SQL Injection, (2014, Sep. 14) [Online]. Available: http://www.cisco.com/web/about/security/intelligence/sql_injection.html
[5]. SQL Injection, (2014, Sep. 20) [Online]. Available: http://technet.microsoft.com/en-us/library/ms161953%28v=SQL.105%29.aspx
[6]. Damn Vulnerable Web Application, (2014, Sep. 23) [Online]. Available: http://www.dvwa.co.uk/
[7]. R. Rankins, P. Bertucci, C. Gallelli, and A.T. Silverstein, “Microsoft SQL Server 2008 R2 Unleashed”, SAMS, Indiana, USA, 2012.
[8]. SQLmap, (2014, Sep. 27) [Online]. Available: https://github.com/sqlmapproject/sqlmap/wiki/Usage
Date of Publication: 2014-12-29
Publication: International Journal of Information Security and Cybercrime
ISSN: 2285-9225 e-ISSN: 2286-0096
Digital Object Identifier: 10.19107/IJISC.2014.02.07
Issue: Volume 3, Issue 2, Year 2014
Section: Cyber-Attacks Evolution and Cybercrime Trends
Page Range: 61-68 (8 pages)