A Case Study of SQL Injection Vulnerabilities Assessment of .bd Domain Web Applications

Abstract

Web applications or services play an important role in present day to day life. They have impact on the development of both individual and a country. Easy access to services such as online education, banking, reservation, shopping, resources, and information sharing have been proven most efficient for every day life. Various government and private organizations of Bangladesh have started to use web services to support clients. Most of the web applications of Bangladesh is registered with .bd domain and developed using content management system(CMS), various scripting language and SQL or MySQL database.Web applications are popular target for web attackers. However the security issues of the .bd domain web applications are not looked appropriately upon as of yet. One of the most attacked vulnerability of the database driven web applications is SQL injection or SQLi. SQLi through URL and user-input field is extremely high risk in current web based applications. Restricting user access to URL and user input field defies the purpose of web applications. However, the un-restricted user access exposes the vulnerable fields to web attacks. To prevent these exploitation'sit is essential to have knowledge of the vulnerabilities adversaries uses to exploit the web applications. This paper presents an evaluation and analysis of SQLi vulnerabilities present in the existing web applications of .bd domain using black box penetration testing approach. User input based SQLi has been used for evaluation. Full Text Link: http://doi.org/10.1109/CyberSec.2015.23