Preliminary communication

https://doi.org/10.31803/tg-20211203090618

The Importance of Developing Preventive Techniques for SQL Injection Attacks

Nenad Bedeković ; University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Ladislav Havaš (ORCID: orcid.org/0000-0002-5051-4486) ; University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Tomislav Horvat (ORCID: orcid.org/0000-0002-8358-3218) ; University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Dražen Crčić (ORCID: orcid.org/0000-0001-6658-9266) ; University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia


page 523-529


Abstract

Many intentionally vulnerable web applications circulate on the Internet and serve as a legal testing ground for practicing SQL injection attacks. For demonstration purposes, the attacks target an Acunetix test web application created using the PHP programming language and a MySQL relational database. In the practical part, the execution of the attack itself largely depends on the database management system, so the displayed syntax is intended only for the MySQL database management system. An example of an automated attack is executed with SQLmap in a virtualized Kali Linux environment. Security guidelines for protecting databases are also discussed.

Keywords

database; MySQL; relational database; SQL; SQL injection attack; SQLmap

Hrčak ID:

283790

URI

https://hrcak.srce.hr/283790

Publication date:

23.9.2022.
