Polish Information Processing Society

Annals of Computer Science and Information Systems, Volume 10

Proceedings of the Second International Conference on Research in Intelligent and Computing in Engineering

Analysis of SQL Injection Using DVWA Tool


DOI: http://dx.doi.org/10.15439/2017R66

Citation: Proceedings of the Second International Conference on Research in Intelligent and Computing in Engineering, Vijender Kumar Solanki, Vijay Bhasker Semwal, Rubén González Crespo, Vishwanath Bijalwan (eds). ACSIS, Vol. 10, pages 107–110


Abstract. As the World Wide Web has constantly evolved, many industrial sectors, such as social networking, online shopping, e-government and e-banking, have made their services available on the web. However, this has made the web a main target for malicious attackers. SQL injection is one of the attacks to which web applications are most vulnerable. Using the input parameters of an authenticated user, the attacker inserts SQL characters into an SQL statement to change the query's logic. When a request arrives from the client end, a query is produced. The query has to be handled before execution, because client input originates from outside and can be malicious. Security researchers have proposed different types of solutions to defeat SQL injection attacks. One very dangerous web application is the Damn Vulnerable Web Application (DVWA). DVWA contains a great deal of material for beginners to learn from. DVWA is likewise used as a reference for secure coding when a developer is not quite sure whether an application is secured against SQL injection.
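The abstract's point that client input must be handled before the query executes, shown as an added example (not code from the paper or from DVWA). The table, rows, function names and the sample input are constructed for illustration, and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; nothing here comes from the paper or from DVWA.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "Ada", "Admin"), ("2", "Bob", "Builder"), ("3", "Cy", "Clerk")])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    # Hardened form: the statement text is fixed and the input is bound as a
    # value, so it can never change the query's logic.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: reject anything that is not a plain numeric id before
    # it reaches the (still parameterized) query.
    if not user_id.isdigit():
        raise ValueError("user_id must be numeric")
    return lookup_bound(db, user_id)

def compare(user_id):
    # Run the same input through both forms and report how many rows each returns.
    db = make_db()
    return {"concatenated": len(lookup_concatenated(db, user_id)),
            "bound": len(lookup_bound(db, user_id))}

if __name__ == "__main__":
    crafted = "1' OR '1'='1"   # constructed input containing SQL characters
    print("benign :", compare("2"))
    print("crafted:", compare(crafted))
```

With the crafted input the concatenated query's WHERE clause becomes always true and every row is returned, while the bound query looks for a user whose id is literally that string and returns nothing.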
