Title: Real Time SQL Injection Detection Add-on for Mozilla Firefox
Authors: Warnakulasooriya, W.M.I.G.B.D.
Issue Date: 2-Dec-2015
Abstract: With the advancement of web technologies, web applications are commonly targeted by cyber criminals. Poor coding styles, improper testing and a limited understanding of application security concepts help cyber criminals attack their targets. SQL injection is the most dangerous and highly effective vulnerability in web applications. Even though we suffer from SQL injection, there is still no proper mechanism to test for and identify these vulnerabilities at the earlier stages of software development. The most common and leading injection detection tools are based on very traditional methods, such as reading database error codes or the HTTP response status. The problem is that some vulnerable web applications do not generate any database errors, and the HTTP response status cannot guarantee that an application is vulnerable to SQL injection. This project introduces two ways of testing applications for vulnerabilities: detecting SQL injection through the web browser, and identifying application security vulnerabilities based on the technologies the web application uses. The outcome of this project is a Mozilla Firefox plugin which is available for the latest Firefox browser versions up to 16.0. In the SQL injection detection modules, the add-on automatically identifies the web application's entry points and submits malicious SQL commands to the backend server. All the server responses are shown in separate tabs in the Firefox browser. The user can view the results and identify whether there are any SQL injection vulnerabilities in the current web page. Technology-based vulnerability detection is a new concept in this domain. When the add-on is run, the web application technologies in use are identified and the user is directed to the Common Vulnerabilities and Exposures database. By looking at the latest vulnerability details relevant to the web application, the user can measure its current security posture.
This Firefox add-on is named Pen Tester, a web application security framework specially designed for software testers and information security professionals. Pen Tester is designed to be lightweight and easy to use. This add-on does not attempt to compromise the security of the given web application.
Appears in Collections: Master of Science in Information Security - 2015


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.