Scopus Indexed Publications

Paper Details


Title
A Case Study of SQL Injection Vulnerabilities Assessment of .bd Domain Web Applications
Author
Delwar Alam, Md. Alamgir Kabir, Touhid Bhuiyan
Email
alamgir.swe@diu.edu.bd
Abstract
Web applications or services play an important role in present day-to-day life. They have an impact on the development of both the individual and the country. Easy access to services such as online education, banking, reservation, shopping, resources, and information sharing has been proven most efficient for everyday life. Various government and private organizations of Bangladesh have started to use web services to support clients. Most of the web applications of Bangladesh are registered with the .bd domain and developed using a content management system (CMS), various scripting languages and an SQL or MySQL database. Web applications are a popular target for web attackers. However, the security issues of the .bd domain web applications have not been looked upon appropriately as of yet. One of the most attacked vulnerabilities of database-driven web applications is SQL injection, or SQLi. SQLi through the URL and user-input fields is extremely high risk in current web-based applications. Restricting user access to the URL and user input fields defies the purpose of web applications. However, unrestricted user access exposes the vulnerable fields to web attacks. To prevent these exploitations it is essential to have knowledge of the vulnerabilities adversaries use to exploit the web applications. This paper presents an evaluation and analysis of SQLi vulnerabilities present in the existing web applications of the .bd domain using a black box penetration testing approach. User input based SQLi has been used for evaluation.

Keywords
SQLi, web applications, vulnerability, get and post based SQLi
Journal or Conference Name
2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec)
Publication Year
2016
Indexing
scopus