{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T22:13:24Z","timestamp":1651875204139},"reference-count":28,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10,1]]},"abstract":"<p>SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. 
In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.<\/p>","DOI":"10.4018\/ijdcf.2017100106","type":"journal-article","created":{"date-parts":[[2017,8,15]],"date-time":"2017-08-15T15:54:40Z","timestamp":1502812480000},"page":"62-71","source":"Crossref","is-referenced-by-count":0,"title":["Exploring Defense of SQL Injection Attack in Penetration Testing"],"prefix":"10.4018","volume":"9","author":[{"given":"Alex","family":"Zhu","sequence":"first","affiliation":[{"name":"Auckland University of Technology, Auckland, New Zealand"}]},{"given":"Wei Qi","family":"Yan","sequence":"additional","affiliation":[{"name":"Auckland University of Technology, School of Computer and Mathematical Sciences, Auckland, New Zealand"}]}],"member":"2432","reference":[{"key":"IJDCF.2017100106-0","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"IJDCF.2017100106-1","doi-asserted-by":"publisher","DOI":"10.1177\/1468794106058877"},{"key":"IJDCF.2017100106-2","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2009.5355040"},{"key":"IJDCF.2017100106-3","author":"J.Clarke-Salt","year":"2009","journal-title":"SQL injection attacks and defense"},{"key":"IJDCF.2017100106-4","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSec.2012.6246104"},{"key":"IJDCF.2017100106-5","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"IJDCF.2017100106-6","unstructured":"Halfond, W. G., Viegas, J., & Orso, A. (2006). A classification of SQL-injection attacks and countermeasures. Proceedings of the IEEE International Symposium on Secure Software Engineering (pp. 13-15)."},{"key":"IJDCF.2017100106-7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24704-5_14"},{"key":"IJDCF.2017100106-8","doi-asserted-by":"crossref","unstructured":"Jun, L., & Jun, W. (2011). Security Guarantee in Backend RFID System. 
Proceedings of the International Conference on Business Computing and Global Informatization (BCGIN) (pp. 489-491).","DOI":"10.1109\/BCGIn.2011.129"},{"key":"IJDCF.2017100106-9","doi-asserted-by":"publisher","DOI":"10.1109\/IAdCC.2013.6514419"},{"key":"IJDCF.2017100106-10","doi-asserted-by":"publisher","DOI":"10.1109\/ISDA.2012.6416544"},{"key":"IJDCF.2017100106-11","author":"O.Maor","year":"2004","journal-title":"SQL injection signatures evasion"},{"key":"IJDCF.2017100106-12","author":"B.Martin","year":"2011","journal-title":"CWE\/SANS top 25 most dangerous software errors"},{"key":"IJDCF.2017100106-13","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"IJDCF.2017100106-14","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062487"},{"key":"IJDCF.2017100106-15","unstructured":"Merriam, S. B. (2002). Introduction to qualitative research. Qualitative research in practice: Examples for discussion and analysis, 1, 1-17."},{"key":"IJDCF.2017100106-16","doi-asserted-by":"publisher","DOI":"10.1109\/I4CT.2014.6914229"},{"key":"IJDCF.2017100106-17","doi-asserted-by":"publisher","DOI":"10.1109\/CIT.2011.103"},{"key":"IJDCF.2017100106-18","doi-asserted-by":"publisher","DOI":"10.1109\/ICICM.2013.52"},{"key":"IJDCF.2017100106-19","doi-asserted-by":"publisher","DOI":"10.1109\/ICAETR.2014.7012815"},{"key":"IJDCF.2017100106-20","unstructured":"Sharma, C., Jain, S. C., & Sharma, A. K. (2016). Risk based quantitative analysis of SQLIA on web application database. Proceedings of the International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 
748-752)."},{"key":"IJDCF.2017100106-21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_15"},{"key":"IJDCF.2017100106-22","doi-asserted-by":"publisher","DOI":"10.1109\/IndiaCom.2014.6828063"},{"key":"IJDCF.2017100106-23","author":"S.Sukamolson","year":"2010","journal-title":"Fundamentals of quantitative research"},{"key":"IJDCF.2017100106-24","doi-asserted-by":"publisher","DOI":"10.1109\/ICISE.2010.5689924"},{"key":"IJDCF.2017100106-25","doi-asserted-by":"crossref","DOI":"10.1109\/ASWEC.2006.40","article-title":"Preventing SQL injection attacks in stored procedures.","author":"K.Wei","year":"2006","journal-title":"Proceedings of the Software Engineering Conference. Australian"},{"key":"IJDCF.2017100106-26","article-title":"On defense and detection of SQL server injection attack.","author":"Q.Xue","year":"2011","journal-title":"Proceedings of the International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM"},{"key":"IJDCF.2017100106-27","doi-asserted-by":"publisher","DOI":"10.1109\/ANTHOLOGY.2013.6784705"}],"container-title":["International Journal of Digital Crime and 
Forensics"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=188363","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T21:55:39Z","timestamp":1651874139000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJDCF.2017100106"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2017,10,1]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,10]]}},"URL":"https:\/\/doi.org\/10.4018\/ijdcf.2017100106","relation":{},"ISSN":["1941-6210","1941-6229"],"issn-type":[{"value":"1941-6210","type":"print"},{"value":"1941-6229","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,10,1]]}}}