A Real-World Implementation of SQL Injection Attack Using Open Source Tools for Enhanced Cybersecurity Learning

机译：使用开放源代码工具进行SQL注入攻击的真实实现，以增强网络安全性

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

SQL injection is well known a method of executing SQL queries and retrieving sensitive information from a website connected database. This process poses a threat to those applications which are poorly coded in the today's world. SQL is considered as one of the top 10 vulnerabilities even in 2018. To keep a track of the vulnerabilities that each of the websites are facing, we employ a tool called Acunetix which allows us to find the vulnerabilities of a specific website. This tool also suggests measures on how to ensure preventive measures. Using this implementation, we discover vulnerabilities in an actual website. Such a real-world implementation would be useful for instructional use in a foundational cybersecurity course.

机译：SQL注入是一种执行SQL查询并从网站连接的数据库中检索敏感信息的方法。此过程对当今世界中编码不良的应用程序构成威胁。 SQL甚至在2018年都被认为是十大漏洞之一。为了跟踪每个网站面临的漏洞，我们使用了一个名为Acunetix的工具，该工具可以让我们查找特定网站的漏洞。该工具还建议有关如何确保预防措施的措施。使用此实现，我们发现了实际网站中的漏洞。这样的现实世界的实现对于基础网络安全课程中的指导性使用将是有用的。

著录项

来源
《IEEE International Conference on Electro/Information Technology》|2018年|198-202|共5页
会议地点 Rochester(US)
作者
Shriya Vyamajala; Tauheed Khan Mohd; Ahmad Javaid;
展开▼
作者单位

The University of Toledo EECS Department Toledo Ohio 43606;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Tools; SQL injection; Databases; Servers; Linux; Crawlers; Computer hacking;

机译：工具； SQL注入数据库；服务器； Linux;爬行者；电脑骇客;

相似文献

外文文献
中文文献
专利

1. SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks [J] . Abdul Bashah Mat Ali, Ala’ Yaseen Ibrahim Shakhatreh, Mohd Syazwan Abdullah, Procedia Computer Science . 2011,第1期

机译：SQL注入漏洞扫描工具，用于自动创建SQL注入攻击
2. 3 Free Tools that Prevent SQL Injection Attacks [J] . Kevin Kline SQL Server Magazine . 2009,第2期

机译：3个防止SQL注入攻击的免费工具
3. IIS Tool Filters SQL-Injection Attacks [J] . Kurt Mackie Redmond developer news . 2008,第18期

机译：IIS工具可过滤SQL注入攻击
4. A Real-World Implementation of SQL Injection Attack Using Open Source Tools for Enhanced Cybersecurity Learning [C] . Shriya Vyamajala, Tauheed Khan Mohd, Ahmad Javaid IEEE International Conference on Electro Information Technology . 2018

机译：使用开源工具实现SQL注入攻击的真实实现，以增强网络安全学习
5. Using Code Inspection, Code Modification, and Machine Learning to prevent SQL Injection. [D] . Trumble, Brandon. 2015

机译：使用代码检查，代码修改和机器学习来防止SQL注入。
6. Cognitive Models in Cybersecurity: Learning From Expert Analysts and Predicting Attacker Behavior [O] . Vladislav D. Veksler, Norbou Buchler, Claire G. LaFleur, 2020

机译：网络安全中的认知模型：从专家分析师学习并预测攻击者行为
7. SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks [O] . Mat Ali, Abdul Bashah, Shakhatreh, Yaseen Ibrahim Ala’, Mohd Abdullah, Syazwan, 2011

机译：用于自动创建SQL注入攻击的SQL注入漏洞扫描工具
8. Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems [R] . 2005

机译：攻击方法分析：sQL注入攻击及其对控制系统的适用性

A Real-World Implementation of SQL Injection Attack Using Open Source Tools for Enhanced Cybersecurity Learning

摘要

著录项

相似文献

相关主题

期刊订阅