17 research outputs found
A detailed survey on various aspects of SQL injection in web applications: vulnerabilities, innovative attacks and remedies
In today’s world, Web applications play a very important role in individual life as well as in any country’s development. Web applications have gone through very rapid growth in recent years and their adoption is moving faster than was expected a few years ago. Nowadays, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to compromise. In most scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.
A Survey on SQL injection: vulnerabilities, attacks, and prevention techniques
In this paper, we present a detailed review of various types of SQL injection attacks, vulnerabilities, and prevention techniques. Alongside presenting our findings from the survey, we also note down future expectations and possible development of countermeasures against SQL injection attacks.
CO2 emissions and financial development: evidence from the United Arab Emirates based on an ARDL approach
This paper explores the influence of economic and financial development on carbon emissions in the United Arab Emirates. The study uses the ARDL approach in order to investigate the long-run relationship between carbon emissions and a set of economic and financial variables. The long-run and short-run Granger-causal directions are captured through the Error Correction Model (ECM). In order to determine the relative contributions of economic and financial variables to the evolution of per capita carbon emissions, variance decomposition is used. The period considered for the purpose of this study is the full sample (1975–2013). To the best of our knowledge, there is no study of this kind focusing only on the United Arab Emirates. Hence we are attempting a humble contribution in this regard. The findings tend to suggest that there is a decline of CO2 emissions in the long run. Also, considering the error correction model output, we can argue that the financial variables, especially the domestic credit to private sector, have an impact on CO2 emissions. This finding is in line with that of Shahbaz et al. (2013), who found through two different studies (South Africa and Malaysia) that private sector credit had a reducing impact on CO2 emissions.
Fistula recurrence, pregnancy, and childbirth following successful closure of female genital fistula in Guinea : a longitudinal study
Background: Female genital fistula is a devastating maternal complication of delivery in developing countries. We sought to analyse the incidence and proportion of fistula recurrence, residual urinary incontinence, and pregnancy after successful fistula closure in Guinea, and describe the delivery-associated maternal and child health outcomes.
Methods: We did a longitudinal study in women discharged with a closed fistula from three repair hospitals supported by Engender Health in Guinea. We recruited women retrospectively (via medical record review) and prospectively at hospital discharge. We used Kaplan-Meier methods to analyse the cumulative incidence, incidence proportion, and incidence ratio of fistula recurrence, associated outcomes, and pregnancy after successful fistula closure. The primary outcome was recurrence of fistula following discharge from repair hospital in all eligible women who consented to inclusion and could provide follow-up data.
Findings: 481 women eligible for analysis were identified retrospectively (from Jan 1, 2012, to Dec 31, 2014; 348 women) or prospectively (Jan 1 to June 20, 2015; 133 women), and followed up until June 30, 2016. Median follow-up was 28.0 months (IQR 14.6-36.6). 73 recurrent fistulas occurred, corresponding to a cumulative incidence of 71 per 1000 person-years (95% CI 56.5-89.3) and an incidence proportion of 18.4% (14.8-22.8). In 447 women who were continent at hospital discharge, we recorded 24 cases of post-repair residual urinary incontinence, equivalent to a cumulative incidence of 23.1 per 1000 person-years (14.0-36.2), and corresponding to 10.3% (5.2-19.6). In 305 women at risk of pregnancy, the cumulative incidence of pregnancy was 106.0 per 1000 person-years, corresponding to 28.4% (22.8-35.0) of these women. Of 50 women who had delivered by the time of follow-up, only nine delivered by elective caesarean section. There were 12 stillbirths, seven delivery-related fistula recurrences, and one maternal death.
Interpretation: Recurrence of female genital fistula and adverse pregnancy-related maternal and child health outcomes were frequent in women after fistula repair in Guinea. Interventions are needed to safeguard the health of women after fistula repair.
Using rough set through for classification of image segmentation data
Knowledge Discovery in Database (KDD) can be defined as a technology or a process that helps to extract valuable information, including hidden and unseen patterns, trends and relationships between variables, from a large amount of data. The information learnt and the discovery made can help in applying the newly found pattern in the training set to unseen data, known as the test set, which can guide and facilitate a crucial business decision-making task. A large number of data mining techniques have been proposed in the literature for classification purposes. In this work, we are using the Rough Set Classifier (RSC) for mining an image segmentation data set obtained from an online machine learning data repository. The RSC is a rule-based data mining technique which generates rules from large databases and has great capabilities to deal with noise and uncertainty in data sets. In order to find the method with the best accuracy, we conducted around 10 experiments by varying the proportions between the training and test sets. The best method gave us an accuracy of 85.71%.
A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks
Quite a number of new technologies and concepts have emerged lately and they are yet to be fully absorbed by the growing market. The concepts range from the architectural evolutions in telecommunications and access networks known as Next Generation Networks (NGNs) to other technologies such as: Pervasive/Ubiquitous Computing, Future Internet, Internet Of Things (IoT), Cloud Computing, Green Computing, and the like. All these inventions and concepts basically deal more or less with data (or, information). The reality is that in most of the cases, we cannot talk about data without relating those with their containers, i.e., databases (data storage) which store the data. Talking about databases would mean dealing with the contents (SELECT, UPDATE, DELETE, DROP, etc.) whereby comes forward the threat of SQL Injection attacks. From an individual adoption to a complete nation’s scenario (e-Governance), the Internet technology has gone through a very rapid growth recently and its adoption is moving faster than ever before. Billions of transactions are done today online via a wide range of Internet technologies. However, this does not mean that our online business and transaction is secure from potential threats. On the other hand, most studies show the contrary: emerging threats are increasing exponentially. For some consecutive times, SQL Injection is categorized as the top-10 Web application vulnerabilities experienced by Web applications. Prior to any communication with the backend database, a user has to be identified. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection (using SQL Injection statements) gives access to unauthorized users.
In this chapter, we present a walk through SQL Injection vulnerabilities, attacks, and their prevention techniques in current and future networks. It is very likely that the threats of SQL Injection will remain almost similar to the current status for the next generation and future networks. Innovative tactics of using SQL Injection pose a constant headache for security experts. Hence, alongside presenting our findings from the comprehensive study about past and present, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.