Exploring Defense of SQL Injection Attack in Penetration Testing

aut.embargo: No [en_NZ]
aut.thirdpc.contains: No [en_NZ]
aut.thirdpc.permission: No [en_NZ]
aut.thirdpc.removed: No [en_NZ]
dc.contributor.advisor: Yan, Wei Qi
dc.contributor.advisor: Yang, Mee Loong (Bobby)
dc.contributor.author: Zhu, Yao Chu
dc.date.accessioned: 2016-09-11T22:12:40Z
dc.date.available: 2016-09-11T22:12:40Z
dc.date.copyright: 2016
dc.date.created: 2016
dc.date.issued: 2016
dc.date.updated: 2016-09-11T12:15:51Z
dc.description.abstract: SQL injection attacks (SQLIA) are used against websites both with and without confidential information. Hackers use a compromised website as an intermediate proxy to attack others, both to avoid being charged with cybercrime and to enlarge the scale of Distributed Denial of Service (DDoS) attacks. In a DDoS attack, hackers maliciously take down a website and make network resources unavailable to web users. It is extremely difficult to detect and prevent SQLIA effectively because hackers adopt various techniques for evading SQLIA intrusion detection systems. Victims remain unaware for a long time that their confidential information has been compromised. The contributions of this thesis are: (1) a systematic exploration of SQLIA and SQLIA prevention in theory; (2) a demonstration and evaluation of imitated SQLIA using open source SQLIA tools and SQLIA prevention tools in practice; (3) new filters that eliminate the techniques SQLIA uses to evade IDS/IPS detection, improving SQLIA prevention. In the quantitative research, 637 completed questionnaires were obtained in a survey of open source SQLIA tools and open source SQLIA prevention tools. In the qualitative research, up to 76 virtual websites with no SQLIA prevention tools installed were successfully compromised in 500 penetration tests by SQLIA experiments in a virtual environment. Furthermore, 27 compromised virtual websites with SQLIA prevention tools installed underwent 600 penetration tests. The open source SQLIA prevention tools successfully prevented 573 of the 600 SQLIA penetration tests. Each new filter for eliminating SQL injection techniques that evade IDS/IPS detection was subjected to 100 penetration tests, and the results show that all the new filters prevent evasion techniques in a high percentage of cases, but with some side effects. [en_NZ]
dc.identifier.uri: https://hdl.handle.net/10292/10020
dc.language.iso: en [en_NZ]
dc.publisher: Auckland University of Technology
dc.rights.accessrights: OpenAccess
dc.subject: SQL injection attack [en_NZ]
dc.subject: database protection [en_NZ]
dc.subject: web application vulnerabilities [en_NZ]
dc.subject: hacking [en_NZ]
dc.subject: cyber-attack. [en_NZ]
dc.title: Exploring Defense of SQL Injection Attack in Penetration Testing [en_NZ]
dc.type: Thesis
thesis.degree.grantor: Auckland University of Technology
thesis.degree.level: Masters Theses
thesis.degree.name: Master of Computer and Information Sciences [en_NZ]
Files
Original bundle
Name: ZhuYC.pdf
Size: 1.43 MB
Format: Adobe Portable Document Format
Description: Whole thesis
License bundle
Name: license.txt
Size: 897 B
Format: Item-specific license agreed upon to submission