دانلود رایگان مقاله ISI درباره امنیت پایگاه داده،تزریق SQL و آسیب پذیری SQL
دانلود رایکان مقاله انگلیسی ISI با موضوع ابزار اسکن آسیب پذیری تزریق SQL برای ایجاد خودکار حملات تزریق SQL
عنوان فارسی مقاله:
ابزار اسکن آسیب پذیری تزریق SQL برای ایجاد خودکار حملات تزریق SQL
عنوان انگلیسی مقاله:
SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks
دانلود رایگان مقاله ISI با فرمت PDF:
مشاهده توضیحات کامل و خرید ترجمه فارسی با فرمت ورد تایپ شده:
بخشی از مقاله انگلیسی :
2. SQL Injection Vulnerability Problems
SQL injection vulnerability results from the fact that most web application developers do not apply user input validation and they are not aware about the consequences of such practices [6]. This inappropriate programming practices enable the attackers to trick the system by executing malicious SQL commands to manipulate the backend database [6, 1]. One of the most important properties of SQL injection attack is that it is easy to be launched and difficult to be avoided. These factors make this kind of attack preferred by most cyber criminals, and it is getting more attention in the recent years [1]. Furthermore, the available scanning tools have limited features in shaping efficient attacking patterns which are required to detect hidden SQL injection vulnerability [6, 1]. Moreover, the available scanning tools use brute force techniques to extract data from the targeted websites. These tools do not show meaningful and detailed information about the detected vulnerability. Obtaining this critical detailed information would be very useful for web developers who are not aware about hacking techniques in helping them to fix the bugs, thus to eliminating these vulnerabilities. The lack of penetration testing scanning tools built with enhanced features that are able to conduct efficient penetration test is the main problem addressed in this study. Therefore, this study aim is in developing a web scanning tool with enhanced features to detect SQL injection vulnerabilities of website databases using different types of attacking patterns, vectors and modes in shaping the attacks. The SQL injection vulnerability problems can be addressed by developing a new web scanning (MySQLlInjector) tool with enhanced features that is able to conduct efficient penetration test on PHP based websites to detect SQL injection vulnerabilities and getting the web developers to fix these vulnerabilities . The development of the tool is based on the following steps: (1) review the literature on current penetration testing tools for SQL injection attacks on databases for identifying the important types of attacking patterns, vectors and modes; (2) develop penetration testing styles for SQL injection attack on databases based on the different types of attacking patterns, vectors and modes based on information from the literature; (3) develop a web scanning tool (MySQLInjector) to detect SQL injection vulnerabilities based on the identified styles; and (4) test and validate the MySQLInjector tools for penetration testing on different websites.