Volume 12 Number 2 (Mar. 2017)
JCP 2017 Vol.12(2): 183-189 ISSN: 1796-203X
doi: 10.17706/jcp.12.2.183-189

SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm

Teh Faradilla Abdul Rahman, Alya Geogiana Buja, Kamarularifin Abd. Jalil, Fakariah Mohd Ali
Department of Computer, Technology and Network, Universiti Teknologi MARA, Malaysia.
Abstract—The proliferation of fast Internet access and advanced technology has contributed to the development of millions of web applications, and the number continues to increase every day. These applications serve various purposes such as business promotion, online shopping, e-learning and social media, which has increased the possibility of privacy violation, information leakage, unauthorized access and other security problems. Such attacks can be launched using several methods; one of them is Structured Query Language (SQL) injection. Even though several approaches have been introduced to detect SQL injection, such as Brute Force and Knuth-Morris-Pratt, they still have some weaknesses. Therefore, in this paper we study SQL injection methodology and detection models for web vulnerabilities. We also propose a detection model that scans for SQL injection in the web environment, based on defined and identified criteria, using the Boyer-Moore string matching algorithm. In the tests conducted, the results showed that the proposed model is able to detect vulnerable web applications according to the defined SQL injection criteria. In conclusion, the proposed model can be used by web application developers and system administrators to secure applications from being attacked and compromised.

Index Terms—Boyer-Moore, security attack, SQL injection, string matching.


Cite: Teh Faradilla Abdul Rahman, Alya Geogiana Buja, Kamarularifin Abd. Jalil, Fakariah Mohd Ali, "SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm," Journal of Computers vol. 12, no. 2, pp. 183-189, 2017.
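
The abstract names Boyer-Moore string matching as the basis of the scanner, but this page does not list the detection criteria. The following Python example is added here for illustration and is not the authors' code: it applies Boyer-Moore's right-to-left comparison with the bad-character rule only (the good-suffix rule is omitted) to request parameters. The signature list, the function names `bm_search` and `scan`, and the sample inputs are assumptions constructed for this example.

```python
from urllib.parse import unquote_plus

# Assumed signatures (hypothetical; the paper's criteria are not on this page).
SIGNATURES = ["' or '1'='1", "union select", "'--", "; drop table"]

def bm_search(text, pattern):
    """Index of the first match of pattern in text, or -1 (bad-character rule only)."""
    m, n = len(pattern), len(text)
    last = {ch: i for i, ch in enumerate(pattern)}  # last index of each character
    s = 0  # current alignment of pattern against text
    while s <= n - m:
        j = m - 1
        # Compare right to left, as Boyer-Moore does.
        while j >= 0 and pattern[j] == text[s + j]:
            j -= 1
        if j < 0:
            return s
        # Line the mismatched text character up with its last occurrence in
        # the pattern; always advance at least one position.
        s += max(1, j - last.get(text[s + j], -1))
    return -1

def scan(value):
    """Return (signature, offset) pairs found in a URL-decoded, lowercased value."""
    normalized = unquote_plus(value).lower()
    hits = []
    for sig in SIGNATURES:
        pos = bm_search(normalized, sig)
        if pos != -1:
            hits.append((sig, pos))
    return hits

# Constructed sample request parameters.
SAMPLES = [
    "id=42",
    "id=1%27+OR+%271%27%3D%271",
    "q=shoes UNION SELECT name, pass FROM users",
    "user=admin'--",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", scan(sample))
```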
