    A Survey on SQL injection: vulnerabilities, attacks, and prevention techniques

    In this paper, we present a detailed review of various types of SQL injection attacks, vulnerabilities, and prevention techniques. Alongside presenting our findings from the survey, we also note down future expectations and possible development of countermeasures against SQL injection attacks.

    A detailed survey on various aspects of SQL injection in web applications: vulnerabilities, innovative attacks and remedies

    In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through very rapid growth in recent years and their adoption is moving faster than was expected a few years ago. Nowadays, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to compromise. In most scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.

    A Security Perspective on Code Review: The Case of Chromium

    Modern Code Review (MCR) is an established software development process that aims to improve software quality. Although evidence has shown that higher levels of review coverage relate to fewer post-release bugs, the effectiveness of MCR at specifically finding security issues remains unknown. We present work we conducted aiming to fill that gap by exploring the MCR process in the Chromium open source project. We manually analyzed large sets of registered (114 cases) and missed (71 cases) security issues by backtracking in the project's issue, review, and code histories. This enabled us to qualify MCR in Chromium from the security perspective from several angles: Are security issues being discussed frequently? What categories of security issues are often missed or found? What characteristics of code reviews appear relevant to the discovery rate? Within the cases we analyzed, MCR in Chromium addresses security issues at a rate of 1% of reviewers' comments. Chromium code reviews mostly tend to miss language-specific issues (e.g., C++ issues and buffer overflows) and domain-specific ones (such as Cross-Site Scripting); when code reviews do address issues, they mostly address those of the latter type. Initial evidence points to reviews conducted by more than 2 reviewers being more successful at finding security issues.

    Improvement on label production software quality with test class standardization using XP technique

    Label production software is an “in house” automation software which contains a “Test Class” with the source code of the functions required by the customer and product engineer to support the testing and requirements of various types of products in Finisar. It is very important to make sure the release of label production software is bug and defect free, delivered on time without any delay to avoid any aging and shipment problems, meets the requirements and expectations of the user and customer, and has good quality through reusability. This software quality can be improved with test class standardization, which here means coordinating and organizing the functions in the source code of the test class as required by the users into one standard format so that it can be reused on various product types. The current label production software contains unstable test classes with duplicated functions and hard-coded data that cannot be reused for testing various products, which causes problems in testing any new products with new requirements and affects the quality of the software. By studying the problem further, it is known that the process flow diagram through which test classes are developed needs to be improved first in order to develop standardized test classes. In this study it is proposed to use the agile technique “Extreme Programming (XP)”. This XP technique will be implemented in the existing process flow diagram as it is able to support each of the steps required, from test software request to developing test classes until testing and release of the final version to the production floor. Implementing XP in the existing process flow diagram will be helpful in developing standardized test classes (STC). These STC will be measured for reusability together with the release software version in order to prove that the quality of the label production software is improved.
    In summary, label production software quality and reusability can be improved with test class standardization using the XP technique as proposed in the process flow diagram.

    Approaches to detect SQL injection and XSS in web applications

    We are increasingly relying on the web, accessing important information and transmitting data through it. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Billions of transactions are performed online with the help of various kinds of web applications. In almost all of them the user is authenticated before being given access to the backend database that stores all the information. In this whole scenario a well-designed injection can provide access to malicious or unauthorized users, and this is mostly achieved through SQL injection and Cross-site scripting (XSS). In this paper we provide a detailed survey of various kinds of SQL injection and XSS attacks and approaches to detect and prevent them. Furthermore, we also provide a comparative analysis of different approaches against these attacks. We then present our findings and note down future expectations and expected development of countermeasures against these attacks.
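    The authentication-bypass scenario that both SQL injection surveys above describe (a user must present valid credentials before reaching the backend database, yet a crafted input grants access anyway) is reproduced below as an added example; it is not code from any of the listed papers. It uses Python's standard sqlite3 module against an in-memory database. The schema, the single user record, the plaintext password storage and the two payloads are all constructed for the demonstration. The vulnerable login concatenates user input into the SQL text; the hardened login sends the same query with bound parameters, so the same payloads are compared as literal strings and fail.

```python
"""Added example: SQL injection authentication bypass, vulnerable vs. parameterized.

Everything here (table, user, payloads) is constructed for the demonstration.
Passwords are stored in plaintext only to keep the example short; a real system
stores a salted hash and compares against that.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string concatenation.

    Attacker-controlled text becomes part of the SQL grammar, so a single
    quote in the input closes the literal and the rest is parsed as SQL.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters.

    The SQL text is fixed; the driver passes the values separately, so input
    can only ever be compared as data, never parsed as part of the statement.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run a legitimate login and two classic tautology payloads through both checks."""
    conn = make_db()
    real_pw = "correct horse battery staple"
    # Payload in the password field: closes the literal, appends a true OR clause.
    #   ... AND password = '' OR '1'='1'
    bypass_pw = "' OR '1'='1"
    # Payload in the username field: same tautology, then '--' comments out
    # the rest of the statement so the password check never runs.
    #   ... WHERE username = '' OR '1'='1' --' AND password = 'wrong'
    bypass_user = "' OR '1'='1' --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", real_pw),
        "legit_safe": login_safe(conn, "alice", real_pw),
        "bypass_pw_vulnerable": login_vulnerable(conn, "alice", bypass_pw),
        "bypass_pw_safe": login_safe(conn, "alice", bypass_pw),
        "bypass_user_vulnerable": login_vulnerable(conn, bypass_user, "wrong"),
        "bypass_user_safe": login_safe(conn, bypass_user, "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} -> {'LOGGED IN' if ok else 'rejected'}")
```

    Running it shows both payloads logging in through `login_vulnerable` and being rejected by `login_safe`, while the genuine credentials pass both. Note that the sqlite3 module refuses stacked statements in a single `execute()` call, so a `'; DROP TABLE users; --` payload raises rather than succeeding here; that is a property of this driver, not a defence to rely on, and other database APIs happily run the second statement.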