Scopus Indexed Publications

Paper Details


Title
Performance Analysis of Identifying SQL Injection Vulnerability in the Context of Bangladeshi Websites
Author
Sumadha Chakma, Irin Aktar Pushpa, K. B. M. Tahmiduzzaman, Md. Sadekur Rahman
Abstract

SQL injection is one of the most dangerous vulnerabilities for Web applications, and it is becoming a more common source of assaults as more and more systems migrate to the Web. Hackers modify the SQL query submitted by the user and insert malicious code into it. As a result, they get access to the database and change the data. Like developed countries, developing countries provide services to their citizens through various online portals, web applications, and websites to keep up with the global pace of digitalization. When it comes to websites, cybersecurity is one of the most frequently discussed topics, and ensuring the confidentiality and integrity of data has become increasingly important to businesses. Unfortunately, many web-based services are vulnerable to serious security threats due to a failure to consider vulnerability issues during the development phase. Vulnerability statistics are required for these developing countries to gain insight into the current security status of the web services provided. SQL injection is one of the most widely used techniques by hackers to take advantage of a security flaw in a website. The primary focus of this work is to compare the performance of detecting SQLi vulnerabilities by presenting a step-by-step demonstration of two different third-party tools, namely Havij and SQLmap. For the purpose of performance measurement, we have tested 150 Bangladeshi websites that include government, educational, financial, and NGO websites throughout this process to check their SQLi vulnerabilities. As a result of the country's recent focus on digitizing government services, the country already offers a wide range of online services to its citizens, and we wanted to learn more about them. The testing results revealed that the vast majority of the 150 websites tested from various categories are primarily vulnerable to boolean-based blind SQL injection.

Keywords
Computer hacking, Web services, Instruments, Government, SQL injection, Developing countries, Malware
Journal or Conference Name
2022 13th International Conference on Computing Communication and Networking Technologies, ICCCNT 2022
Publication Year
2022
Indexing
Scopus