Exploring Defense of SQL Injection Attack in Penetration Testing
SQLIA is adopted to attack websites with and without confidential information. Hackers utilize the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims always are not aware of that their confidential information has been compromised for a long time.
The contributions of this thesis are: (1) systematically explore SQLIA, SQLIA prevention in theory; (2) demonstrate, evaluate imitative SQLIA with open source SQLIA tools and SQLIA prevention tools in practice; (3) new filters for eliminating SQLIA evading IDS/IPS detection techniques to improve SQLIA prevention.
The achievements of this thesis are to successfully obtain 637 copies replied questionaire of surveying open source SQLIA tools and open source SQLIA prevention tools in quantitative research. Up to 76 virtual websites which have not been installed any SQLIA prevention tools have been successfully compromised in 500 penetration tests by SQLIA experiments in virtual environment of qualitative research. Furthermore, 27 compromised virtual websites that are installed with SQLIA prevention tools have experiences 600 times penetration tests. The open source SQLIA prevention tools successfully prevent total 573 times out of 600 times SQLIA penetration tests. To conduct 100 times penetration tests for each new filters of eliminating SQL injection evading IDS/IPS detection and testing result shows that all new filters can successfully prevent evading techniques with a high percentage, but with some side effect.