3 research outputs found
Design of an automated tool for penetration testing of the inferential SQL injection risk present in enterprise applications in a web environment
Among the security risks in web environments, the SQL injection risk is ranked as the most important, and, of the seven existing types of SQL injection, inferential SQL injections are the most complex to penetration test, because the information must be extracted not deterministically but by inferring the data from observed changes in the behavior of the web environment. This master's thesis aims to reduce the time spent on the penetration tests used to evaluate the inferential SQL injection risk present in web environments. To this end, a mixed methodology was used: quantitative for the analysis of the algorithms used in evaluating this risk, and qualitative for the analysis of the strategies and tools currently used in penetration tests for this risk. As a result of this research, it was established that the bit-to-bit algorithm is the most efficient at extracting information and that SQLMAP is the most complete tool for its evaluation. In terms of time, the SQLBrute - SQL Injection Brute Forcer tool is the best for time-based inferential SQL injections, and The Mole for those that are not time-based. In addition, a tool was built using the optimized bit-to-bit algorithm, and its times were compared with those of the most efficient tools available. Comparing the times of the developed tool showed that this research reduced the time spent evaluating the risk in question and that the developed tool extracts data more efficiently.
Abstract: There are many security risks in a web environment. However, SQL injection is the most important risk. This risk has seven sub-types, and inferential SQL injection is the most complex sub-type: it is necessary to extract the information not in a deterministic way but by inferring the data from observed behavior changes in the web environment. This thesis is a research process on reducing the time spent on inferential SQL injections present in web environments. For that purpose, a mixed methodology (quantitative and qualitative) was used to analyze the strategies, algorithms and tools that penetration testers currently use to evaluate the aforementioned risk. According to the study conducted, bit-to-bit is the fastest algorithm for extracting information and the SQLMAP tool is the most complete. In terms of time, the SQLBrute - SQL Injection Brute Forcer tool is the best tool for time-based inferential SQL injections, and The Mole for non-time-based injections. After this identification, a tool was built using the optimized bit-to-bit algorithm. That tool was compared with the aforementioned tools, verifying that it is effectively more efficient. Finally, the tool was used in a real environment. In this way, it was found that it is possible to decrease the time spent evaluating the risk in question.
Managing Inventory: A Study of Databases and Database Management Systems
Databases play an important role in the storage and manipulation of data. Databases and database management systems allow for fast and efficient data querying that has recently become increasingly important in most companies and organizations. This paper introduces a few of the different types of database management systems that are in widespread use today. It introduces some important terminology related to databases and database management systems. This paper also briefly discusses web user interfaces, highlighting important user interface design principles. Finally, an inventory management system is implemented for a local stationery store and is integrated with a web application to serve as the front end.
Design and Democracy: Transformative Agency within Indigenous Structure
South African democracy is perceived and evidenced to be under duress. This research questions how design, when underpinned by transdisciplinarity and abduction, can articulate and address this problem. The literature is reviewed to map how designed objects, processes, and philosophy enable and hamper notions of democracy. Within this literature, two concepts are identified as key to a South African context, and require further research - Indigenous Knowledge Systems (IKS) and cosmopolitanism. The African concept of Ubuntu, a subset of IKS, is argued to function as an authentic context, however, its ability to influence urban and diverse environments is questioned. Cosmopolitan theory, and Dewey's focus on experimentation, is argued to promote normative organisation, and its application to facilitate urban and dynamic participation is questioned. The Cape Town precinct - Long Street - provides a case study with which to unpack these two key concepts, and obtain empirical data to answer the research questions. Qualitative data is firstly obtained, from key informants who have the authority to influence the case study delineation. Based on this data, an Abductive instrument (Ai), based on Experience Design (XD) and Designing For Participation (DFP) methods, obtains quantitative data from public actors. Findings from the research include: political philosophy is increasingly enabled and countered by design; design is required to deconstruct and not fortify South African democracy; design is capable of operationalising decolonisation as a constructive, and not reductive, act; indigeneity is being reclaimed in urban contexts, and reinterpreted by design; reflective participation, and not historical assimilation, is a fundamental challenge for political studies; publics experiment with, and not on, themselves. The key implication of the research is designing critical representation, which is at the intersection of design, IKS, and cosmopolitanism. 
Here, empowerment is an indigenous imperative, design synthesises direct and representative democracy, and design intent is hyper-transparent.