  • SQL Injection Testing in Web Applications Using SQLmap


    Author(s): AXINTE, Sabina-Daniela





    Abstract:

    SQL Injection (SQLI) is a penetration technique used to gain unauthorized direct access to data on a database server through a Web application that is authorized to connect to it. Malicious SQL code can be introduced in entry fields, and the database can reply with unapproved information such as clients' usernames and passwords. An analytical overview of this technique and its methods, tools and prevention actions is presented. A step-by-step example of a SQL Injection implementation, with results, is developed in order to understand how to increase the security of Web applications.






    Additional Information

    Article Title: SQL Injection Testing in Web Applications Using SQLmap
    Author(s): AXINTE, Sabina-Daniela
    Date of Publication: 2014-12-29
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2014.02.07
    Issue: Volume 3, Issue 2, Year 2014
    Section: Cyber-Attacks Evolution and Cybercrime Trends
    Page Range: 61-68 (8 pages)


