Scopus Indexed Publications
Paper Details
- Title
-
SQLi penetration testing of financial Web applications: Investigation of Bangladesh region
- Author
-
Delwar Alam, Md. Alamgir Kabir, Touhid Bhuiyan
- Email
-
alamgir.swe@diu.edu.bd
- Abstract
-
Business critical web applications are the most popular services provided to the client by the financial sector. These applications are bringing handsome revenue for the financial industry every year. These services are also a frequent target of attackers. Poor coding practice leads applications to vulnerabilities that are exploited by attackers. Information and privileges such as access to databases, admin authorization, and access to data could be retrieved through exploitation. Services provided through web applications make the exploitation easier as these could be accessed from anywhere around the world. Web-based financial services are a comparatively new concept in Bangladesh. Thus, the security aspects of these applications are less explored. This paper presents an analysis of a few basic security issues of the financial web applications of Bangladesh. It focuses on structured query language injection (SQLi) vulnerability. It presents a manual black box penetration testing approach to test the financial web applications. The same steps are used for testing all the web applications in the dataset. A vulnerability analysis of the findings collected during the penetration testing is also presented in the paper.
- Keywords
-
Financial web application, penetration testing, black box testing, SQLi
- Journal or Conference Name
- 2015 World Congress on Internet Security (WorldCIS)
- Publication Year
-
2015
- Indexing
-
Scopus