  • SQL Injection Testing in Web Applications Using SQLmap


    Author(s): AXINTE, Sabina-Daniela


    Abstract:

    SQL Injection (SQLI) is a penetration technique used to gain unauthorized direct access to data on a database server through a Web Application that is authorized to connect to it. Malicious SQL code can be introduced in entry fields, and the database can reply with unapproved information such as usernames and passwords of clients. An analytical overview of this technique and of its methods, tools and prevention actions is presented. A step-by-step example of a SQL Injection implementation, with results, is developed in order to understand how to increase the security of website applications.





    Additional Information

    Article Title: SQL Injection Testing in Web Applications Using SQLmap
    Author(s): AXINTE, Sabina-Daniela
    Date of Publication: 2014-12-29
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2014.02.07
    Issue: Volume 3, Issue 2, Year 2014
    Section: Cyber-Attacks Evolution and Cybercrime Trends
    Page Range: 61-68 (8 pages)


