366 research outputs found

    Detection And Prevention For SQL Injection Attacks In Stored Procedures Using Real Time Web Application

    At present, web applications are used for most of the activities in our lives. Web applications are affected by SQL injection attacks. SQL injection is a prevalent technique that attackers employ to impose on the database in most web applications by manipulating the SQL queries that are sent to the RDBMS, hence changing the behavior of the application. The stored procedure SQL injection attack is one of the serious attacks that pose threats to the database underlying web applications, as the attack can be crafted to execute stored procedures that are provided by a particular database, encompassing procedures that deal with the operating system. In this research, three major objectives are organized to direct the work study. Firstly, to investigate the attacks of SQL injection and study what has been done to detect and prevent SQLIA in stored procedures, in order to eliminate the deficiencies of those approaches and highlight their weaknesses. Secondly, to identify the various obstacles and factors that would be encountered and that would lead to successfully building an appropriate defensive approach to detect and prevent SQLIAs. The third objective is to develop the WASP tool into a real-time web application tool (RT-WASP) to detect SQLIAs, and to propose a suitable protective approach to prevent stored procedure SQLIAs. Our methodology encompassed four phases: a primary study or investigation phase, a modeling phase, a development and proposing phase, and an evaluation and discussion phase. The investigation phase studies current approaches to counter SQLIAs: a background study that highlights problems and weaknesses in order to address the gap in the SQLIA detection and prevention domain. The modeling phase evaluates the performance of the existing techniques to identify the factors that would lead to better and more efficient results in our work study. In the development and proposing phase, a suitable tool is developed and an effective preventive approach is proposed. The evaluation and discussion phase takes place in order to finalize our research work. The main contributions of this research study are: first, a summary and analysis of a detailed review of various SQLI attacks and an investigation of previous approaches that detected and prevented these attacks in web applications. Second, development of the WASP tool proposed by Halfond (2008) to detect SQLI attacks in real-time web applications. Third, a proposed protective approach that includes three preventive mechanisms, namely parameterized stored procedures, customized error messages, and encryption of stored procedures in the SQL server, in order to prevent the danger of SQLIA in stored procedures. The last contribution is a comparative analysis of the developed technique and the proposed protective approach, based on evaluations of the efficiency and effectiveness of the technique and the effectiveness of the proposed protective approach. RT-WASP was efficient because it was able to stop all SQLIAs, did not generate any false negatives, produced a few false positives in the results, and posed low overhead and minimal deployment requirements. Our protective approach was effective because it was capable of preventing stored procedure SQLIAs. Finally, the future scope is identified and focused on.

    An Experimental Study in Diagnostic Testing and Concept Development in Secondary School Biology

    Through a survey on the role of concepts in the field of science learning and teaching, the researcher pointed out that the teaching of biology should be made towards concept attainment and development

    Improving The Voided Reinforced Concrete Beams Behavior by Strenthining The Compression Zone Concrete Using Polyvinyl Alcohol

    Determining the dimensions of a continuous RC beam depends on the critical span. Practically, changing the dimensions of the other spans is difficult. Therefore, this work aimed to discuss the possibility of adding voids within beams whose dimensions are larger than required, in order to reduce the cost and dead load. The selected ratio of void volume to the volume of the tested beams was 10%. The shape of the voids was the first variable (spherical voids or conic voids). Also, the change in behavior when a 5 cm thick concrete layer of the compression zone was replaced with a concrete layer modified by adding polyvinyl alcohol (PVA) was investigated as a second variable. After testing six samples, the results showed that the failure mode of the normal concrete voided beams changed from flexural behavior to shear behavior, while the failure mode of the control solid specimen was flexural. Also, the modified beams failed in flexure, except the beam with conic voids, which failed in shear. Corresponding to this change, the ultimate load varied in the same manner: the normal concrete voided beams failed at a lower ultimate load than the control solid beam, by about 6.4% and 18.3% for spherical and conic voids, respectively, while the ultimate load of the modified concrete beams increased by about 13.8%, 5.4% and 3.1% for the solid beam, spherical and conic voided beams, respectively, in comparison with the control specimen

    The ideal applicant to emergency medicine residency programs in Saudi Arabia; Program directors’ view

    Objective: Emergency medicine (EM) is considered a competitive specialty worldwide with an acceptance rate of 57% in Canada but more competitive in Saudi Arabia with 18.7%. Factors that influenced the applicant’s acceptance include letters of recommendation, interview performance, research experience, and gender. This study aims to determine the factors playing a role in applicants matching to EM residency programs in Saudi Arabia from the view of program directors. Methods: A pilot study was done using a self-administered-questionnaire distributed to EM residency program directors (PDs) in Saudi Arabia in the period of 16-21 November 2021. The data were analyzed using SPSS, and all ethical considerations were ensured. Results: Twenty-seven PDs participated in the study, 19 (70.4%) were males, and most were former PDs (59.3%). The most crucial aspect in the applicant’s acceptance was the excellent impression in the interview (4.00 ± 1.00). The most crucial aspect of recommendation letters was a recommendation from a program director (29.6%), total duration of electives (40.7%) was superior; quality in EM research (29.6%) played a more critical role, and professionalism (29.6%) was the sought factor during the interview. There was no significant influence of the gender or the status of the PD and region of the program on the preference of the applicant’s gender. Conclusion: For those considering EM residency programs in Saudi Arabia, the chance of acceptance can be increased by getting a recommendation from a program director, increasing the duration of electives in EM, focusing on the research quality, and showing professionalism during the interview

    Effect of the Mechanical and Thermal Stresses of Rotating Blades

    Rotating blades are important parts in gas turbines. Hence, an accurate mathematical estimation (F.E.M) of the stress and deformation characteristics is required in design applications to avoid failure. In recent years, researchers' interest in the effect of temperature on solid bodies has greatly increased. The main aim of this study was to investigate the thermal and rotational effects. So, the thermal stresses due to high pressure and temperature are studied, and the steady-state stresses and deformations of rotating blades due to the mechanical effect are determined. Many parameters, such as thickness and centre of rotation, are investigated in this paper. The study results can provide good recommendations regarding the effect of the mechanical and thermal stresses of rotating blades

    Comparison between five estimation methods for reliability function of weighted Rayleigh distribution by using simulation

    The Rayleigh distribution and the weighted distribution are the most important distributions used in the analysis and modeling of lifetime data. In this paper we derive the weighted Rayleigh distribution (WRD) and estimate its reliability using five methods (MLE, MOM, jackknife, Bayes using Jeffery information). We compare these methods by MSE using MATLAB 2011a; the results are displayed in tables to facilitate the comparison. Keywords: Bayes Estimation, weighted distribution, Rayleigh distribution, Extension of Jeffery prior information, Maximum likelihood estimates

    New Proposed Length-Biased Weighted Exponential and Rayleigh Distribution with Application

    The concept of length-biased distribution can be employed in the development of proper models for lifetime data. Length-biased distribution is a special case of the more general form known as weighted distribution. In this paper we introduce a new class of length-biased weighted exponential and Rayleigh distributions (LBW1E1D), (LBWRD). This paper surveys some of the possible uses of length-biased distribution. We study some of its statistical properties, with application of these new distributions. Keywords: length-biased weighted Rayleigh distribution, length-biased weighted exponential distribution, maximum likelihood estimation

    Energy Efficient Cluster Based Routing Protocol for Dynamic and Static Nodes in Wireless Sensor Network

    Power consumption is considered one of the most significant challenges in wireless sensor networks (WSNs). In this paper, an investigation of the power consumption is done by making a comparison between static and dynamic WSNs. We have compared the results of the static network with the results of the dynamic network. The static and dynamic wireless sensor networks have the same architecture (homogeneous) and proposed protocol. Depending on the suggested protocol, the simulation results show that the energy consumption in the static wireless sensor network was less than in the dynamic wireless sensor network. However, moving the sensors in the dynamic WSN presents a real improvement in delivering packets to the base station. In the proposed routing protocol, the data transmission process is done in a hierarchical way. Cheap sensors are introduced and deployed intensively to improve the QoS in the network. The final results and the conclusion are reported

    Secured e-payment system based on automated authentication data and iterated salted hash algorithm

    Electronic payment has been considered one of the most significant and convenient applications of modern electronic services (e-University) compared to traditional methods, which are time-consuming, demanding of human resources, and inefficient. Different automatic identification technologies have been widely used, such as radio frequency identification (RFID). Extensive research and several applications focus on taking the maximum advantage of RFID technology. Data and information security is considered to play a crucial role when the information concerns e-commerce, e-banking, or e-payments, especially because these require real data that can be accessed illegally. Hence, data originality and security have become a very significant and critical issue in data communication services in recent years. Applications such as e-banking or e-commerce regularly contain sensitive and personal information that should be managed and controlled by authorized persons. Thus, keeping a secure password is important to prevent unauthorized users from gaining illegal access. Password hashing is one of the safety methods and means of preventing attacks. This article focuses on proposing an RFID-based electronic payment system and also provides multi-level security privileges for an academic domain by using RFID technology alongside a programmable logic circuit; the system uses the VB.Net C# environment as well as desktop and web-based applications for system operation. The proposed system aims to manage student payments in a secure manner and provides the capabilities of getting a bus ticket, copying books, buying food, paying registration fees, and other services. The results have shown that the system is secured by using the confirmation code in addition to password encryption