Volume 12 Number 2 (Mar. 2017)
JCP 2017 Vol.12(2): 183-189 ISSN: 1796-203X
doi: 10.17706/jcp.12.2.183-189

SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm

Teh Faradilla Abdul Rahman, Alya Geogiana Buja, Kamarularifin Abd. Jalil, Fakariah Mohd Ali
Department of Computer, Technology and Network, Universiti Teknologi MARA, Malaysia.
Abstract—The proliferation of fast Internet access and advanced technology has contributed to the development of millions of web applications, and the number continues to increase every day. Because these applications serve varied purposes such as business promotion, online shopping, e-learning and social media, they have increased the possibility of privacy violation, information leakage, unauthorized access and other security problems. Such attacks can be launched by several methods; one of them is Structured Query Language (SQL) injection. Although several approaches have been introduced to detect SQL injection, such as Brute Force and Knuth-Morris-Pratt, they still have some weaknesses. In this paper, we therefore study SQL injection methodology and detection models for web vulnerabilities. We also propose a detection model that scans for SQL injection in the web environment, based on defined and identified criteria, using the Boyer-Moore String Matching Algorithm. Results from several tests show that the proposed model is able to detect vulnerable web applications according to the defined SQL injection criteria. In conclusion, the proposed model can be used by web application developers and system administrators to secure applications against attack and compromise.

Index Terms—Boyer-Moore, security attack, SQL injection, string matching.


Cite: Teh Faradilla Abdul Rahman, Alya Geogiana Buja, Kamarularifin Abd. Jalil, Fakariah Mohd Ali, "SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm," Journal of Computers vol. 12, no. 2, pp. 183-189, 2017.
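
Added example, not code from the paper: a Boyer-Moore search (bad-character and good-suffix rules) run over URL-decoded query strings to flag SQL injection signatures, as a sketch of the kind of string matching the abstract describes. The signature list, the function names and the sample query strings are constructed assumptions; the abstract does not state the paper's detection criteria.

```python
from urllib.parse import unquote_plus

SIGNATURES = ["' or '1'='1", "' or 1=1", "union select", "sleep("]  # constructed, not the paper's criteria

def good_suffix_table(p):
    """Boyer-Moore good-suffix shifts (strong rule plus prefix case)."""
    m = len(p)
    shift, border = [0] * (m + 1), [0] * (m + 1)
    i, j = m, m + 1
    border[i] = j
    while i > 0:
        while j <= m and p[i - 1] != p[j - 1]:
            if shift[j] == 0:
                shift[j] = j - i
            j = border[j]
        i, j = i - 1, j - 1
        border[i] = j
    j = border[0]
    for i in range(m + 1):
        if shift[i] == 0:
            shift[i] = j
        if i == j:
            j = border[j]
    return shift

def bm_search(text, p):
    """Return every offset at which p occurs in text."""
    n, m = len(text), len(p)
    if m == 0:
        return []
    last = {c: k for k, c in enumerate(p)}  # bad-character table
    shift, hits, s = good_suffix_table(p), [], 0
    while s <= n - m:
        j = m - 1
        while j >= 0 and p[j] == text[s + j]:  # compare right to left
            j -= 1
        if j < 0:
            hits.append(s)
            s += shift[0]
        else:
            s += max(shift[j + 1], j - last.get(text[s + j], -1))
    return hits

def scan(raw_query):
    """URL-decode and lowercase a query string, then report signature hits."""
    text = unquote_plus(raw_query).lower()
    return {sig: pos for sig in SIGNATURES if (pos := bm_search(text, sig))}

SAMPLES = ["id=42&sort=name", "id=1%27+OR+%271%27%3D%271",  # constructed log values
           "q=x%27+UNION+SELECT+name+FROM+users--", "notes=student+union+selection"]
```

The last sample is benign text that still matches `union select`, so raw substring hits need further criteria before a request is treated as an injection attempt.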
