Analysis of Web Server Security Against Structure Query Language Injection Attacks in ASEAN Senior High Schools
Abstract
Cyber crime continues every day that is always trying to exploit security holes that can be infiltrated. The techniques used vary greatly and the intended target can befall anyone, whether government institutions, private institutions, organizations and even educational institutions. One of the techniques used by intruders is the SQLI attack on the web server. This disorder can cause the information presented to be unavailable normally. once control of the database successfully taken over by the attacker, the data will be easily controlled and other attacks can be done against the client. In this study, an assessment of SQLI attacks on senior high schools in some ASEAN countries was conducted. The analysis was performed on the web server of senior high school in seven ASEAN countries. In this article, methods the forensic used to analyze web servers against attacks SQLI. There is still a lot of web server that vulnerable to SQLI. From the analysis obtained on average 20.86% for the type of SQLI in each country. Of the 70 samples of the website showed a study of web server with techniques SQLI is the highest risk level of 27% in Web Server Singapore and lowest risk level of 7% on a Web Server the Philippines.
Downloads
References
[2] Yao-Wen Huang, Chung-Hung Tsai, D. T. Lee, and Sy-Yen Kuo, “Non-Detrimental Web Application Security Scanning,” in 15th International Symposium on Software Reliability Engineering, pp. 219–230.
[3] T. Winograd, M. Tracy, and W. Jansen, “Guidelines on Securing Public Web Servers Recommendations of the National Institute of Standards and Technology,” NIST Spec. Publ. 800-44, no. 800–44 Version 2, 2007.
[4] Susanto, Four Ways on How Web Server Works Briefly With its Image in a Network, June 16th 2016(https://jogjahostingterbaik.com), accessed on 21st May 2018
[5] A. Pomeroy and Q. Tan, “Effective SQL Injection Attack Reconstruction Using Network Recording,” in 2011 IEEE 11th International Conference on Computer and Information Technology, 2011, pp. 552–556.
[6] Y.Tiwari and M.Tiwari. Article: A Study of SQL of Injections Techniques and their Prevention Methods. International Journal of Computer Applications 114(17): 31-33, March 2015.
[7] N. Venkataramanan, “Proposing a Framework for Digital Network Forensic Evidence Accumulation in Cloud Environment,” vol. 10, no. 10, pp. 2963–2972, 2017.
[8] S. Agrawal and U. Singh, “Prevention of SQL Injection Attack in Web Application With Host Language,” pp. 1468–1470, 2017.
[9] Z. S. Alwan and M. F. Younis, “Detection and Prevention of SQL Injection Attack : A Survey,” vol. 6, no. 8, pp. 5–17, 2017.
