Digitala Vetenskapliga Arkivet

Preventing SQL Injections by Hashing the Query Parameter Data
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English). Independent thesis, basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis
Abstract [en]

Context. Many applications today use databases to store user information or other data for their applications. This information can be accessed through various different languages depending on what type of database it is. Databases that use SQL can be maliciously exploited with SQL injection attacks. This type of attack involves inserting SQL code in the query parameter. The injected code sent from the client will then be executed on the database. This can lead to unauthorized access to data or other modifications within the database.

Objectives. In this study we investigate if a system can be built which prevents SQL injection attacks from succeeding on web applications that are connected with a MySQL database. In the intended model, a proxy is placed between the web server and the database. The purpose of the proxy is to hash the SQL query parameter data and remove any characters that the database will interpret as comment syntax. By processing each query before it reaches its destination we believe we can prevent vulnerable SQL injection points from being exploited.

Methods. A literary study is conducted to gain the knowledge needed to accomplish the objectives for this thesis. A proxy is developed and tested within a system containing a web server and database. The tests are analyzed to arrive at a conclusion that answers our research questions.

Results. Six tests are conducted, which include detection of vulnerable SQL injection points and the delay difference on the system with and without the proxy. The result is presented and analyzed in the thesis.

Conclusions. We conclude that the proxy prevents SQL injection points from being vulnerable on the web application. Vulnerable SQL injection points are still reported even with the proxy deployed in the system. The web server is able to process more HTTP requests that require a database query when the proxy is not used within the system. More studies are required since there are still vulnerable SQL injection points.

Place, publisher, year, edition, pages
2017. , p. 25
Keywords [en]
SQL injection, Proxy, MD5 hash, Regex.
National subject category
Computer Science
Identifiers
URN: urn:nbn:se:bth-14922
OAI: oai:DiVA.org:bth-14922
DiVA, id: diva2:1120676
Subject / course
DV1478 Bachelor Thesis in Computer Science
Educational program
DVGIS IT Security
Presentation
2017-05-29, J1610, Karlskrona, 13:45 (Swedish)
Supervisors
Examiners
Available from: 2017-07-07 Created: 2017-07-06 Last updated: 2018-01-13 Bibliographically approved

Open Access in DiVA

fulltext (534 kB), 1276 downloads
File information
File name: FULLTEXT02.pdf, File size: 534 kB, Checksum: SHA-512
18f1d002d243f835fa3146cb64a47070f33001a56331018c981b84d6bfd1afbd8c1cc031bcfe2a01c0d9588769d636e3f0271d04d530d339209e0c97a4de21be
Type: fulltext, Mimetype: application/pdf

Search further in DiVA

By author/editor
Lokby, Patrik; Jönsson, Manfred