We are still processing incoming thesis deposits. For any thesis deposit queries or issues, kindly email us at tuwhera.opentheses@aut.ac.nz

Show simple item record

dc.contributor.advisorYan, Wei Qi
dc.contributor.advisorYang, Mee Loong (Bobby)
dc.contributor.authorZhu, Yao Chu
dc.description.abstractSQLIA is adopted to attack websites with and without confidential information. Hackers utilize the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims always are not aware of that their confidential information has been compromised for a long time. The contributions of this thesis are: (1) systematically explore SQLIA, SQLIA prevention in theory; (2) demonstrate, evaluate imitative SQLIA with open source SQLIA tools and SQLIA prevention tools in practice; (3) new filters for eliminating SQLIA evading IDS/IPS detection techniques to improve SQLIA prevention. The achievements of this thesis are to successfully obtain 637 copies replied questionaire of surveying open source SQLIA tools and open source SQLIA prevention tools in quantitative research. Up to 76 virtual websites which have not been installed any SQLIA prevention tools have been successfully compromised in 500 penetration tests by SQLIA experiments in virtual environment of qualitative research. Furthermore, 27 compromised virtual websites that are installed with SQLIA prevention tools have experiences 600 times penetration tests. The open source SQLIA prevention tools successfully prevent total 573 times out of 600 times SQLIA penetration tests. To conduct 100 times penetration tests for each new filters of eliminating SQL injection evading IDS/IPS detection and testing result shows that all new filters can successfully prevent evading techniques with a high percentage, but with some side effect.en_NZ
dc.publisherAuckland University of Technology
dc.subjectSQL injection attacken_NZ
dc.subjectdatabase protectionen_NZ
dc.subjectweb application vulnerabilitiesen_NZ
dc.titleExploring Defense of SQL Injection Attack in Penetration Testingen_NZ
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Computer and Information Sciencesen_NZ

Files in this item


This item appears in the following Collection(s)

Show simple item record