Case Study: SQL Injection Vulnerabilities Assessment
Web applications offer a familiar interface and round-the-clock accessibility, and as their popularity grows they are bringing in billions of dollars in annual revenue [1]. Government and private organizations in Bangladesh have begun launching web application services such as financial transactions and information sharing. Although launching a web application for every service has become a trend, security is not treated with the same seriousness, which exposes both the companies and the users of these applications to serious risk. The security issues that arise depend on the platform and structure of the web application. Web applications rely on a back-end database for storing and retrieving real-time data: users supply input through the application, and the application uses Structured Query Language (SQL) to retrieve the corresponding data from the database [3]. An intruder breaks the intended relationship between application and database by supplying unauthorized input that alters the query, causing the database to execute statements the developer never intended [2]. Inserting such malicious, unchecked input into a database query is known as an SQL injection (SQLi) attack [4]. Cross-site scripting (XSS) stems from the same root cause, unchecked user input, although its payload targets the browser rather than the database. SQLi and XSS are a threat to every database-driven web application [8], [5]. Over the past few years there has been a great deal of research on web application security, on the types of these attacks and on their vulnerabilities, and various defensive techniques and web application firewalls have been introduced to prevent SQLi and XSS [6], [7]. Yet these vulnerabilities remain a threat to web applications. This paper explores the SQLi vulnerabilities present in the web applications of Bangladesh and presents an analysis of user-input-based SQLi techniques applied to those applications. A black-box approach is used for testing, and both GET- and POST-based SQLi techniques are considered in the analysis [8].

This paper is organized as follows. We start by describing SQL, the various types of SQLi, and GET- and POST-based SQLi. In Section 3 we explain our research methodology. In Section 4 we describe the steps of SQLi we used during the research. In Section 5 we discuss the findings of this research, and we conclude in Section 6.
http://ieeexplore.ieee.org/document/7491565/