Technical Journal, Vol. 16 No. 4, 2022.
Preliminary communication
https://doi.org/10.31803/tg-20211203090618
The Importance of Developing Preventive Techniques for SQL Injection Attacks
Nenad Bedeković; University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Ladislav Havaš (orcid.org/0000-0002-5051-4486); University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Tomislav Horvat (orcid.org/0000-0002-8358-3218); University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Dražen Crčić (orcid.org/0000-0001-6658-9266); University North, University Center Varaždin, Jurja Križanića 31b, 42 000 Varaždin, Croatia
Abstract
Many intentionally vulnerable web applications circulate on the Internet and serve as a legal testing ground for practicing SQL injection attacks. For demonstration purposes, the attacks will target an Acunetix test web application created using the PHP programming language and a MySQL relational database. In the practical part, the execution of the attack largely depends on the database management system, so the displayed syntax is intended only for the MySQL database management system. An example of an automated attack will be executed with SQLmap in a Linux Kali virtualized environment. Security guidelines for protecting databases are also discussed.
Keywords
database; MySQL; relational database; SQL; SQL injection attack; SQLmap
Hrčak ID: 283790
Publication date: 23.9.2022.