SQL injection: comparison of prevention strategies for PHP / Mohd Fairuz Abdul Jalil

Abdul Jalil, Mohd Fairuz (2008) SQL injection: comparison of prevention strategies for PHP / Mohd Fairuz Abdul Jalil. Degree thesis, Universiti Teknologi MARA (UiTM).

Abstract

Since 2002, over 10% of total cyber vulnerabilities have been SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. Using SQL injection attacks, an attacker could obtain and/or modify confidential or sensitive information. SQL injection attacks take advantage of code that does not filter input entered directly into a form. Susceptible applications are those that take direct user input and then generate dynamic SQL that is executed by back-end code. The objectives of the research are to identify weaknesses in current websites, identify the prevention strategies, apply malicious code to two PHP frameworks, Joomla 1.0.15 and eZ Publish 4.0.0, and finally determine whether SQL injection prevention strategies have been applied. As for the results, both frameworks have applied SQL injection prevention strategies and do not allow SQL injection to occur.

Metadata

Item Type: Thesis (Degree)
Creators: Abdul Jalil, Mohd Fairuz (Email / ID Num.: 2005616484)
Contributors: Thesis advisor: Maskat, Ruhaila (Email / ID Num.: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Programming languages (Electronic computers)
Q Science > QA Mathematics > Programming languages (Electronic computers) > PHP
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Bachelor of Science (Hons) Information System Engineering
Keywords: SQL injection, prevention strategies, PHP
Date: 2008
URI: https://ir.uitm.edu.my/id/eprint/66071

Download

66071.pdf (Text), Download (116kB)

Physical Copy

Physical status and holdings: Item Status: Processing

ID Number: 66071
