Abstract
Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. By using SQL injection attacks, an attacker could thus obtain and/or modify confidential/sensitive information. SQL injection attacks take advantage of code that does not filter input that is being entered directly into a form. Susceptible applications are applications that take direct user input and then generate dynamic SQL that is executed via back-end code. Objectives of the research are to indentify weakness in current website, identify the prevention strategies, applying malicious code to PHP framework which is Joomla 1.0.15 and eZ Publish 4.0.0 and finally identify whether SQL prevention strategies have been applied. As for the results, both framework have applied the SQL injections prevention strategies and not allowing SQL injection to occur.
Metadata
Item Type: | Thesis (Degree) |
---|---|
Creators: | Creators Email / ID Num. Abdul Jalil, Mohd Fairuz 2005616484 |
Contributors: | Contribution Name Email / ID Num. Thesis advisor Maskat, Ruhaila UNSPECIFIED |
Subjects: | Q Science > QA Mathematics > Programming languages (Electronic computers) Q Science > QA Mathematics > Programming languages (Electronic computers) > PHP |
Divisions: | Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences |
Programme: | Bachelor of Science (Hons) Information System Engineering |
Keywords: | SQL injection, prevention strategies, PHP |
Date: | 2008 |
URI: | https://ir.uitm.edu.my/id/eprint/66071 |
Download
66071.pdf
Download (116kB)