Penetration Testing : SQL Injection
Sew, Jun Ming (2018) Penetration Testing : SQL Injection. Final Year Project (Bachelor), Tunku Abdul Rahman University College.

Full text: Sew Jun Ming_FULL TEXT.pdf (5MB), restricted to registered users only.

Abstract

The purpose of this project is to explore and evaluate the various manual and automated penetration testing techniques for detecting SQL injection as thoroughly as possible. A further aim is to determine which of the two approaches, manual or automated penetration testing, is more effective at detecting SQL injection. The tools used in this project are NetBeans, Kali Linux, Burp Suite, XAMPP, Brackets and Notepad++, Google Chrome, Firefox and HackBar. To carry out the project, a dummy website was created on which the various manual and automated penetration testing techniques for detecting SQL injection were explored. After vulnerabilities were discovered, a few solutions were recommended to prevent SQL injection. Penetration testing specifically aimed at detecting SQL injection was conducted using both manual and automated techniques. The findings showed that automated penetration testing is more effective at detecting SQL injection than manual penetration testing, because the automated technique found more code that is susceptible to SQL injection. For example, Burp Suite is suited to tampering with request data and submitting a large list of password payloads to determine which one succeeds in a string-based SQL injection attack, while OWASP ZAP can be used to scan a web application for all of its vulnerabilities, including SQL injection. In conclusion, although the scope of this project is limited to reducing the possibility of SQL injection, it is highly advisable for all web developers to conduct as much penetration testing as possible against all types of vulnerabilities, using the most cost-effective technique for each vulnerability. Eliminating every vulnerability completely is impossible, but, as the saying goes, prevention is better than cure.

Item Type: Final Year Project
Subjects: Science > Computer Science
Faculties: Faculty of Computing and Information Technology > Bachelor of Information Technology (Honours) in Information Security
Depositing User: Library Editor
Date Deposited: 01 Apr 2019 07:39
Last Modified: 18 Apr 2022 07:13
URI: https://eprints.tarc.edu.my/id/eprint/1528