Sequence Query Language Injection in Web Application Store Security

Chan, Chee Chuen (2020) Sequence Query Language Injection in Web Application Store Security. Final Year Project (Bachelor), Tunku Abdul Rahman University College.

Text Chan Chee Chuen_Fulltext.pdf Restricted to Registered users only Download (3MB)

Abstract

SQL injection attack is one of the most popular vulnerability attacks in the online web application as it has been listed through the most popular security research website of OWASP Top 10 Most Critical Web Application Security Risks from 2013 to 2017. (OWASP, 2017). The objective of developing this project is to develop a landing page of web application that are able to prevent SQL injection attack. This project is to prevent and develop with a secure web application in order to protect it from the SQL injection attack of vulnerability and other minor security risk. In the developing of the web application progress dot net (.NET) is one of the frameworks and are regularly expression that is mainly use to prevent SQL injection attack which is String SQL injection attack and Piggy-backed Queries attack. The tools that use to develop this web application is using Visual Studio 2019 and certain web browsers application which is Google chrome, Internet Explorer, Mozilla Firefox and etc. In this project, my team member and I has developed a web application what is allow the user to upload their project file to the system so that the other user such as student are able to download the file and it also can spread the student project to other users. The main function of the web application is allowing the developer or the user to upload file, sign in account, sign up account, block developer account, block uploaded file, download file, view login logs history, view reports, comment of the file, reject developer files and etc. The method that we use to develop this web application system is waterfall model. In this project we have used questionnaire as the requirement gathering technique that are gather from the public and the college student which is make through the google form and spread it around the college and university. Developing of this project, it has many testings of it and it has been done so that the SQL injection attack has been prevented and protected. Overall this web application is successfully protected to the SQL injection attack and it has been done with its objective and requirements. Last but not least, the weakness of this web application is that the security feature and function have to be keep up to date due to the technology changed rapidly therefore the SQL injection might have new method to attack into the server and the web application have to keep patch in order to prevent getting hack by the attacker.