Detection And Prevention For SQL Injection Attacks In Stored Procedures Using Real Time Web Application

At present, web applications have been used for most of our activities in our life. Web applications are affected by the attacks of SQL injection. SQL injection is a prevalent technique that attackers appoint to impose the database in the most of web applications, by manipulate the SQL queries that send to RDBMS. Hence, change the behavior of the application. Stored procedures SQL injection attack is one of the serious attacks that posed database threats in the underlying database that underlie web applications. Whereas, the attack can be crafted to execute stored procedures that provided by a particular database, encompasses procedures that deal with the operating system. In this research, three major objectives can be organized to direct the work study are: Firstly, to investigate the attacks of SQL injection, and study what has been done to detect and prevent SQLIA in stored procedures in order to, eliminate the lack of their approaches and highlight their weakness, secondly, to identify the various obstacles and factors that would be encountered will be led to be successful to build an appropriate defensive approach to detect and prevent SQLIAs, and the third objective is, to develop WASP tool to build a real-time web application tool (RT-WASP) to detect the SQLIAs, and propose a suitable protective approach to prevent stored procedures SQLIAs. Our methodology encompassed, four phases, primary study or investigation phase, modeling phase, development and proposing phase, evaluations and discussion phase. Investigation phase will study current approaches to counter SQLIAs. Background study, highlight problems and weakness in order to address the gap in detection and prevention SQLIA domain. In modeling phase, evaluate the performance of the existing techniques to identify the factors that would be encountered will be led to get better and efficient results in our work study. In developing and proposing phase, a suitable tool will be developed, and effective preventive approach will be proposed. Evaluations and discussion phase will take a place in order to finalize our work research. The main contributions of this research study are: First, Summarized and analysis of a detailed review of various SQLI attacks and investigation of previous approaches that detected and prevented these attacks in Web applications. Second, developed WASP tool that has been proposed by Halfond.2008 to detect the attacks of SQLI in real-time web applications. Third, proposed a protective approach that includes three preventive mechanisms that are: parameterized stored procedures, customized error messages, and encryption stored procedures in the SQL server. In order to, prevent the danger of SQLIA in stored procedures, and the last contribution is, conducted a comparison analysis of the developed technique and proposed protective approach based on the evaluations respect to efficiency and effectiveness of the technique, and effectiveness of the proposed protective approach. RT-WASP was efficient due to able to stop all SQLIAs and did not generate any false negative, a few false positive values in the results, and pose, low overhead and minimal deploy requirements. Whilst, our protective approach was effectiveness due to, capable to prevent the attacks of stored procedures SQLIAs. Finally, identify and focus on the future scope

Energy Efficient Cluster Based Routing Protocol for Dynamic and Static Nodes in Wireless Sensor Network

Power consumption is considered one of the most significant challenges in the wireless network sensors (WSNs). In this paper, an investigation of the power consumption is done by making a comparison between static and dynamic WSNs. We have compared the results of the static network with the results of the dynamic network. Static and dynamic wireless Sensor networks have the same architecture (Homogenous) and proposed protocol. Depending on the suggested protocol, the simulation results show that the energy consumption in the static wireless sensor network was less than the dynamic wireless sensor network. However, moving the sensors in the dynamic WSN present real improvement in delivering packets to the base station. In the proposed routing protocol, transmitting data process is done in a hierarchal way. Cheap sensors are introduced and deploy them intensively to improve the QoS in the network. The final results and the conclusion are reported

Real-Time Heart Pulse Monitoring Technique Using Wireless Sensor Network and Mobile Application

Wireless Sensor Networks (WSNs) for healthcare have emerged in the recent years. Wireless technology has been developed and used widely for different medical fields. This technology provides healthcare services for patients, especially who suffer from chronic diseases. Services such as catering continuous medical monitoring and get rid of disturbance caused by the sensor of instruments. Sensors are connected to a patient by wires and become bed-bound that less from the mobility of the patient. In this paper, proposed a real-time heart pulse monitoring system via conducted an electronic circuit architecture to measure Heart Pulse (HP) for patients and display heart pulse measuring via smartphone and computer over the network in real-time settings. In HP measuring application standpoint, using sensor technology to observe heart pulse by bringing the fingerprint to the sensor via used Arduino microcontroller with Ethernet shield to connect heart pulse circuit to the internet and send results to the web server and receive it anywhere. The proposed system provided the usability by the user (user-friendly) not only by the specialist. Also, it offered speed andresults accuracy, the highest availability with the user on an ongoing basis, and few cost

Multi-function intelligent robotic in metals detection applications

Recent technologies for robotics have been offered an effective and efficient solution to safeguard workers from risks in their work environments. These risks involve radioactive, toxic, explosive and mines. In this paper, design and implement computer robot based on metal detection as well as avoiding obstacles automatically. The proposed wireless controlled robotic vehicle can be used in metal detection applications such as landmine detection, obstacles avoidance, selecting best routing without imposing human's harms and workforce aspects. The robotic wheel can sense the obstacles that positioning at ahead of its path, and also avoids the obstacles forward, left and right of its routes. The robot is controlled by using Bluetooth wireless communication to interface between the controller and the implemented robot. Furthermore, sensor IR (FC-03) for the metal detector and used ultrasonic sensor (HC-SR04) for objects or obstacles sensing. The presented controlled robotic designed for desert and dry soil that can replace the human role in avoiding obstacles and metal detection capabilities. The produced robot was useful due to it can detect metals and avoiding obstacles consecutively besides it was effective to select the best route based on the intelligent technique that adopted, the predefined metals by using an intelligent decision maker for route finder in a flat surface environment

Secured e-payment system based on automated authentication data and iterated salted hash algorithm

Electronic payment has been considered as one of the most significant and convenient applications of modern electronic services e-University compared to traditional methods that impose time-consuming, human resources, and inefficiency. Different automatic identification technologies have been widely used, such as radio frequency identification (RFID). Extensive research and several applications are focusing on taking the maximum advantage of RFID technology. Data and information security had considered a crucial role when information concerning e-commerce, e-banking, or e-payments, especially due to it required real data to establish accessed illegally. Hence, data originality and security fall a very significant and critical issue in data communication services in recent years. Applications such as e-banking or e-commerce regularly contain sensitive and personal information that should be managed and controlled by authorized persons. Thus, keeping a secure password is important to prevent unauthorized users from illegal access. The password hashing is one of the safety methods and means of preventing attacks. In this article, focuses on proposing an RFID based electronic payment and also provide multi-level security privileges for an academic domain by using RFID technology besides the programmable logic circuit as well the system used VB.Net C# environment also desktop and web-based application for system working purposes. The proposed system aims to manage student payments in a secure manner and provides the capabilities of getting a bus ticket, copying books, buying food, paying registration fees, and other services. The results have shown the system is secured by using the confirmation code in addition to password encryption

A feasibility study of electrical energy generation from municipal solid waste in Iraq: Najaf case study

In several developing countries, the electricity crisis obstructs both socio-economic and technological sustainable evolution. Also, it leads to reducing job availability due to shut down several industries or relocate to neighbouring countries to such an issue. A Najaf City is an important holy and tourist city in the middle of Iraq country. Indeed, waste management in An Najaf City needs to be reconsidered to be used as an energy source. In this article, we investigated and listed the waste quantity which produced recently (one year) respect to waste types and types of content. Data collected from the waste products for one year and are used as a key factor to study the feasibility of generating electrical energy from collected MSWs. The proposed model was simulated and tested respect to cost analysis factor of the suggested power plant by Homer pro simulation software. Results were very encouraging and competitive to the current energy production cost based on the production cost of the Kwh prospective among the conventional methods in Iraq. The proposed scenario provide proper and secure waste proposal technique with low-cost

Wireless Internet Of Things-Based Air Quality Device For Smart Pollution Monitoring

Living in a healthy environment is a need for every human being whether indoor or outdoor. However, pollutions occur everywhere and most people are merely mindful of the importance of having clean outdoor air to breathe and are not concerned about the indoor air quality. Indoor air quality refers to the quality within the building, and relates to the health and comfort of the building occupants. Dangerous particles exist in the outside air, pollute the indoor environment and produce harmful conditions as the polluted air travels into the house or building through windows or doors. Therefore, a wireless Internet of Things-based air quality device is developed to monitor the air quality in the indoor environment. The proposed system integrates a low-cost air quality sensor, temperature and humidity sensors, a single-board computer (Raspberry Pi 2 microprocessor) and cloud storage. The system provides real-time air quality reading, transfers the data through a wireless network to the Internet and displays the data in dedicated webpage. Furthermore, it stores records in cloud storage and sends e-mail notification message to the user when unhealthy condition is met. The study has a significant impact on promoting affordable and portable smart pollution monitoring system as the development of the device utilizing low-cost and off-the-shelf components

Cyber-Security Incidents: A Review Cases In Cyber-Physical Systems

Cyber-Physical Systems refer to systems that have an interaction between computers, communication channels and physical devices to solve a real-world problem. Towards industry 4.0 revolution, Cyber-Physical Systems currently become one of the main targets of hackers and any damage to them lead to high losses to a nation. According to valid resources, several cases reported involved security breaches on Cyber-Physical Systems. Understanding fundamental and theoretical concept of security in the digital world was discussed worldwide. Yet, security cases in regard to the cyber-physical system are still remaining less explored. In addition, limited tools were introduced to overcome security problems in Cyber-Physical System. To improve understanding and introduce a lot more security solutions for the cyber-physical system, the study on this matter is highly on demand. In this paper, we investigate the current threats on Cyber-Physical Systems and propose a classification and matrix for these threats, and conduct a simple statistical analysis of the collected data using a quantitative approach. We confirmed four components i.e., (the type of attack, impact, intention and incident categories) main contributor to threat taxonomy of Cyber-Physical System

Reducing the environmental impact of surgery on a global scale: systematic review and co-prioritization with healthcare workers in 132 countries

Abstract Background Healthcare cannot achieve net-zero carbon without addressing operating theatres. The aim of this study was to prioritize feasible interventions to reduce the environmental impact of operating theatres. Methods This study adopted a four-phase Delphi consensus co-prioritization methodology. In phase 1, a systematic review of published interventions and global consultation of perioperative healthcare professionals were used to longlist interventions. In phase 2, iterative thematic analysis consolidated comparable interventions into a shortlist. In phase 3, the shortlist was co-prioritized based on patient and clinician views on acceptability, feasibility, and safety. In phase 4, ranked lists of interventions were presented by their relevance to high-income countries and low–middle-income countries. Results In phase 1, 43 interventions were identified, which had low uptake in practice according to 3042 professionals globally. In phase 2, a shortlist of 15 intervention domains was generated. In phase 3, interventions were deemed acceptable for more than 90 per cent of patients except for reducing general anaesthesia (84 per cent) and re-sterilization of ‘single-use’ consumables (86 per cent). In phase 4, the top three shortlisted interventions for high-income countries were: introducing recycling; reducing use of anaesthetic gases; and appropriate clinical waste processing. In phase 4, the top three shortlisted interventions for low–middle-income countries were: introducing reusable surgical devices; reducing use of consumables; and reducing the use of general anaesthesia. Conclusion This is a step toward environmentally sustainable operating environments with actionable interventions applicable to both high– and low–middle–income countries

Review of cyber attacks classifications and threats analysis in cyber-physical systems

Cyber-physical systems (CPSs) have been widely used in many different critical areas like smart grid, healthcare, aircraft and etc. and they played a significant role in our daily lives. However, the CPS systems currently are one of the critical hackers' targets that have a lot of incidents due of the high impacts of these systems. Several works have been conducted in CPS, but still, there is a lack of theories and tools that organisations and researchers can use to understand the nature of the new threats and the impacts of each danger. This article provides description of CPSs usage areas and security challenges in some of the critical CPS fields. Likewise, discusses frameworks and taxonomies that have been used for classifying cyber-attacks or incidents. As well, study and analyse threats that have been stated in the previous studies and research to understand the current status of the risks on CPS