376 research outputs found

    Query log analysis for SQL injection detection

    Nowadays, more and more services are dependent on the use of resources hosted on the web. The realization of operations such as access to the account bank, credit card operations, among other operations, is something increasingly common in current times, demonstrating not only human dependence on the internet connection, as well as the need to adapt the web resources to the daily life of society. As a result of this growing dependency, web resources now provide a greater amount of confidential information, making the risk of a cyberattack and information leaking grow considerably. In the web context, one of the most well-known attacks is SQL injection that allows the attacker to exploit, through the injection of malicious queries, access to confidential information. This paper suggests a solution for the detection of SQL injection via web resources, using the analysis of the logs of the executed queries. This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “CybersSeCIP” (NORTE-01-0145-FEDER-000044). The authors are grateful to the Foundation for Science and Technology (FCT, Portugal) for financial support through national funds FCT/MCTES (PIDDAC) to CeDRI (UIDB/05757/2020 and UIDP/05757/2020) and SusTEC (LA/P/0007/2021).

    Ensemble Machine Learning Approaches for Detection of SQL Injection Attack

    In the current era, SQL Injection Attack is a serious threat to the security of the ongoing cyber world particularly for many web applications that reside over the internet. Many webpages accept the sensitive information (e.g. username, passwords, bank details, etc.) from the users and store this information in the database that also resides over the internet. Despite the fact that this online database has much importance for remotely accessing the information by various business purposes but attackers can gain unrestricted access to these online databases or bypass authentication procedures with the help of SQL Injection Attack. This attack results in great damage and variation to database and has been ranked as the topmost security risk by OWASP TOP 10. Considering the trouble of distinguishing unknown attacks by the current principle coordinating technique, a strategy for SQL injection detection dependent on Machine Learning is proposed. Our motive is to detect this attack by splitting the queries into their corresponding tokens with the help of tokenization and then applying our algorithms over the tokenized dataset. We used four Ensemble Machine Learning algorithms: Gradient Boosting Machine (GBM), Adaptive Boosting (AdaBoost), Extended Gradient Boosting Machine (XGBM), and Light Gradient Boosting Machine (LGBM). The results yielded by our models are near to perfection with error rate being almost negligible. The best results are yielded by LGBM with an accuracy of 0.993371, and precision, recall, f1 as 0.993373, 0.993371, and 0.993370, respectively. The LGBM also yielded less error rate with False Positive Rate (FPR) and Root Mean Squared Error (RMSE) to be 0.120761 and 0.007, respectively. The worst results are yielded by AdaBoost with an accuracy of 0.991098, and precision, recall, f1 as 0.990733, 0.989175, and 0.989942, respectively. The AdaBoost also yielded high False Positive Rate (FPR) to be 0.009

    SQL Injection Detection Using Machine Learning

    Sharing information over the Internet over multiple platforms and web-applications has become a quite common phenomenon in recent times. The web-based applications that accept critical information from users store this information in databases. These applications and the databases connected to them are susceptible to all kinds of information security threats due to being accessible through the Internet. The threats include attacks such as Cross Side Scripting (CSS), Denial of Service Attack (DoS), and Structured Query Language (SQL) Injection attacks. SQL Injection attacks fall under the top ten vulnerabilities when we talk about web-based applications. Through this kind of attack, the attacker can steal critical and confidential information and hence it could have damaging effects on a business or organization. The effects could range from monetary loss, leaking confidential business information, decrease in company’s stock market value or any combination of these. In this paper we have used an algorithm called Gradient Boosting Classifier from ensemble machine learning approaches to classify and detect SQL Injection attacks.

    The approaches to quantify web application security scanners quality: A review

    The web application security scanner is a computer program that assesses web application security with penetration testing techniques. The benefit of automated web application penetration testing is huge: a web application security scanner not only reduces the time, cost, and resources required for web application penetration testing but also eliminates test engineer reliance on human knowledge. Nevertheless, web application security scanners possess weaknesses of low test coverage, and the scanners generate inaccurate test results. Consequently, experiments are frequently held to quantitatively quantify web application security scanners' quality to investigate the scanners' strengths and limitations. However, neither a standard methodology nor criterion is available for quantifying web application security scanners' quality. Hence, in this paper a systematic review is conducted to analyse the methodologies and criteria used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criteria that have been used to quantify web application security scanners' quality are classified and reviewed using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with an understanding of the methodologies and criteria available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while providing critical hints for development of the next testing framework, model, methodology, or criteria to measure web application security scanner quality.

    Penetration testing using Kali Linux: SQL injection, XSS, Wordpress, and WPA2 attacks

    Nowadays, computers, smart phones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross site scripting, Wordpress, and WPA2 attack were the most popular security attacks and will be further investigated in this paper. Kali Linux provides a great platform and medium in learning various types of exploits and penetration testing. All the simulated attack will be conducted using Kali Linux installed on virtual machine in a computer with Intel Core i5 and 8 GB RAM, while the victim’s machine is the host computer which run Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully

    A Framework for Automating Security Assessments with Deductive Reasoning

    Proper testing of hardware and software infrastructure and applications has become mandatory. To this purpose, security researchers and software companies have released a plethora of domain specific tools, libraries and frameworks that assist human operators (penetration testers, red teamers, bug hunters) in finding and exploiting specific vulnerabilities, and orchestrating the activities of a security assessment. Most tools also require minor reconfigurations in order to operate properly with isomorphic systems, characterized by the same exploitation path even in presence of different configurations. In this paper we present a human-assisted framework that tries to overcome the aforementioned limitations. Our proposal is based on a Prolog-based expert system with facts and deductive rules that allow to infer new facts from existing ones. Rules are bound to actions whose results are fed back into the knowledge base as further facts. In this way, a security assessment is treated like a theorem that has to be proven. We have built an initial prototype and evaluated it in different security assessments of increasing complexity (jeopardy and boot-to-root machines). Our preliminary results show that the proposed approach can address the following challenges; (a) reaching non-standard goals (which would be missed by most tools and frameworks); (b) solving isomorphic systems without the need for reconfiguration; (c) identifying vulnerabilities from chained weaknesses and exposures

    The impact of SQL injection attacks on the security of databases

    SQL injection Attack (SQLIA) can be detected in many web applications that lack input variable filtering. The problem of this study is the weak input filtration and validation of forms in dynamic web applications and using a single detection and prevention technique against SQL injection attacks. The aim of this study is to investigate the effect of poor input validation of SQL query to discriminate the parameters used for injection malicious SQL on the security of server database and to improve the filtration level of a user input from real one and a malicious one on dynamic web applications in e-commerce, and to propose a technique called Combined Detect based on two methods based on JavaScript and PHP coding to detect malicious SQL query and isolate it before sending to the server. The result of this study shows that many web developers neglect the high risks of SQL injection attacks on the security and confidentiality of data stored in databases. The injection of malicious SQL parameters passed to the database in the server could damage the whole database or steal data. The method used in this study is based on JavaScript and PHP codes that enable the dynamic web application to separate between normal data and malicious data, regardless of what user input is entered through input fields. The study recommended avoiding any weakness in SQL server by providing effective input validation to discriminate the malicious parameters used for injection SQL attack queries and using multiple detection methods for SQL injection.

    Principles of hacking and databases

    The report’s intention is to bring closer different aspects of the security on the Internet. In the first chapter the concept of penetration testing and the fundamentals of this process are explained, while highlighting the importance it has in the protection of networks and devices. Then, a basic view is given of the main attacks that can be performed to gain access, deny service, steal information and others. Chapter three introduces, from an educational point of view, the possibilities for beginners to practice their abilities in a secure environment. Finally, in the fourth chapter, the research focuses on an important element of the Internet, which is databases and their security, concluding with a simulation of an SQL injection attack. Degree in Telecommunication Technologies Engineering

    Web application penetration test: Proposal for a generic web application testing methodology

    Nowadays, Security Management is beginning to become a priority for most companies. The primary aim is to prevent unauthorized identities from accessing classified information and using it against the organization. The best way to mitigate hacker attacks is to learn their methodologies. There are numerous ways to do it, but the most common is based on Penetration Tests, a simulation of an attack to verify the security of a system or environment to be analyzed. This test can be performed through physical means utilizing hardware or through social engineering. The objective of this test is to examine, under extreme circumstances, the behavior of systems, networks, or personnel devices, to identify their weaknesses and vulnerabilities. This dissertation will present an analysis of the State of the Art related to penetration testing, the most used tools and methodologies, its comparison, and the most critical web application vulnerabilities. With the goal of developing a generic security testing methodology applicable to any Web application, an actual penetration test to the web application developed by VTXRM – Software Factory (Accipiens) will be described, applying methods and Open-Source software step by step to assess the security of the different components of the system that hosts Accipiens. At the end of the dissertation, the results will be exposed and analyzed.
    Currently, Information Security Management is beginning to become a priority for most companies, with the main objective of preventing unauthorized identities from accessing confidential information and using it against the organization. One of the best ways to mitigate possible attacks is to learn from the attackers' methodologies. There are numerous ways to do so, but the most common is based on carrying out Penetration Tests, a simulation of an attack to verify the security of a system or environment to be analyzed. This test can be performed through physical means using hardware, through social engineering, and through vulnerabilities in the environment. The objective of this test is to examine, under extreme circumstances, the behavior of systems, networks, or personal devices, to identify their weaknesses and vulnerabilities. This dissertation will present an analysis of the state of the art related to penetration testing, the most used tools and methodologies, and a comparison between them; some of the most critical vulnerabilities in web applications will also be explained. The objective is the development of a generic penetration testing methodology, aiming for its applicability and generality across web applications, which is applied and described in a real penetration test of the web application developed by VTXRM – Software Factory (Accipiens), applying Open-Source methods and software step by step with the objective of analyzing the security of the different components of the system on which Accipiens is installed. At the end, its results and their analysis will be presented.