DS-2

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 1/10

ECS5200_202130_CRN171 - DATABASE SECURITY - 202130 - CRN171 - ZAVGREN

Week 2 Paper Anvesh Reddy Kankanala on Wed, Jan 20 2021, 6:40 PM

91% highest match Submission ID: 5837fa1c-9507-444f-93f4-0d8e0f0ded2e

Attachments (1)

Submission_Text.html 1 AUTOMATED TOOL FOR SQL INJECTION

SQL INJECTION CAN BE DEFINED AS A SECURITY EXPLOIT WHERE STRUCTURED QUERY LANGUAGE CODE IS ADDED BY THE ATTACKERS TO A WEB INPUT BOX THAT WILL ALLOW THEM TO MAKE CHANGES IN THE SENSITIVE DATA BY ACCESSING UNAUTHORIZED RESOURCES. SQL INJECTION IS VERY DANGEROUS BECAUSE IF IT IS EXECUTED IN THE RIGHT WAY BY THE ATTACKERS THIS MIGHT LEAD TO UNAUTHORIZED USERS HAVING ACCESS TO SENSITIVE, PRIVATE, AND CONFIDENTIAL DATA. IN MOST CASES APPLICATION THAT USES SQL DATABASE ARE TARGET ATTACKS BY SQL INJECTION. THE COMMON PREY FOR SQL INJECTION ATTACKS IS WEBSITES. MYSQL AND SQL SERVER IS THE MOST COMMON SQL DATABASES THAT ARE WIDELY RECOGNIZED (TAJPOUR, ET AL.,2012).

According to (Tajpour, et al.,2012),“ SQLi attack occurs when a malicious user, through particularly crafted input, results in the web application to generating and sending a query that functions maliciously than the programmer intended” (Tajpour, et al, p.337). 1 FOR SEVERAL DECADES IN THE WEB, APPLICATION SQL HAS BEEN A COMMON VULNERABILITY THAT HAS RESULTED IN EXPLOITATION. AUTOMATED

(http://safeassign.blackboard.com/)

Submission_Text.html Word Count: 792 Attachment ID: 3920213193

91%

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 2/10

TOOLS HAVE PLAYED A MAJOR IN ENABLING THE PREVENTION OF EXPLOITATION OF SQL DATABASES THAT RESULT IN THE EXPOSING OF DATA TO ATTACKERS. THE USE OF THE AUTOMATED TOOL IS AN IMPORTANT STEP TO PROVIDE SECURITY TO THE DATABASES BECAUSE THEY ARE HIGHLY CONFIGURABLE. THEREFORE, THE USE OF AUTOMATED TOOLS HELPS IN IMPROVING THE SECURITY OF DATABASES AWAY FROM ATTACKERS WHO MIGHT INTERFERE WITH THE LANGUAGE USED.

ON THE OTHER HAND, CONSTANTIN(2020), SAYS THAT WEB APPLICATIONS ARE CONSIDERED TO BE THE COMMON PREY FOR SQL INJECTION. In an example of stuffing and API attack, an analysis shows that” The top category of web application attack against the monetary services sector was LFI, with 47%, then SQLi injection (SQLi) with 36%, and also cross-site scripting (XSS) with 7.7%.”(Constantin, p.282). 1 WHEN WEB APPLICATION DEVELOPERS COME UP WITH AN APPLICATION, THEY DO IT IN THE RIGHT MANNER. HOWEVER, SQL INJECTION ALLOWS THE ATTACKERS TO INTRODUCE NEW INPUT VALUES THAT MIGHT AFFECT THE BEHAVIOR AND FUNCTIONING OF THE APPLICATION CONTRARY TO THE INTENTION OF THE WEB DEVELOPERS. THIS IS BECAUSE ATTACKERS HAVE ROOM TO INTRODUCE NEW VALUES AS IT IS MORE VULNERABLE TO RISKS. e.g Shivkar (2020) writes that “Entering some special character (mostly ‘) in any textbox should be rejected by the application. “

1 SQL MAP IS A PENETRATION TESTING TOOL THAT IS NORMALLY USED TO AUTOMATE THE PROCESS OF TAKING OVER DATABASE SERVERS AND EXPLOITING AND DETECTING SQL INJECTIONS. THE OPEN-SOURCE PENETRATION TOOL PLAYS AN IMPORTANT ROLE BY INSERTING MALICIOUS CODES AND DETECTING AND EXPLOITING DATABASE VULNERABILITY. THEREFORE THE USE OF SQLMAP HELPS IN IMPROVING THE SECURITY OF THE DATABASE BY REDUCING VULNERABILITIES IN THE WEB APPLICATION. THEREFORE SQLMAP IS USED TO DETECTING AND EXPLOITING VULNERABILITY HENCE REDUCING RISKS TO THE DATABASE. The SQL MAP has an amazing collection of payloads that may be used for detection and vulnerability exploitation. These templates are stored in the XML files for payloads (Shivkar, 2020).

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 3/10

1 THE ADVANCEMENT IN TECHNOLOGY HAS CAUSED DATA SECURITY TO BE A VERY IMPORTANT FACTOR TO CONSIDER. THIS IS BECAUSE ATTACKERS MIGHT ACCESS CREDENTIAL INFORMATION USING MALICIOUS CODES IN THE DATABASE. THEREFORE WEB APPLICATION DEVELOPERS WANT TO DEVELOP APPLICATIONS THAT WILL HAVE A MINIMAL VULNERABILITY TO RISK. THE USES OF AUTOMATED TOOLS HAVE PLAYED AN IMPORTANT ROLE IN EXPLOITING AND DETECTING VULNERABILITY HENCE REDUCING RISK. A good example of the most commonly used tools in content management systems is the Nikto and the SQLMAP which are commonly used for pen-testing. Hence this automated toll has helped in the reduction of SQL injection in the web application database (Shivkar, 2020).

Reference

Constantin, L. (2020). APIs are becoming a major target for credential stuffing attacks. 2 CSO (ONLINE), RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST-COM.NEC.GMILCS.ORG/TRADE- JOURNALS/APIS-ARE-BECOMING-MAJOR-TARGET- CREDENTIAL/DOCVIEW/2358106634/SE-2?ACCOUNTID=42685

Porup, J. M. (2020). 3 11 PENETRATION TESTING TOOLS THE PROS USE. 2 CSO (ONLINE), RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST-COM.NEC.GMILCS.ORG/TRADE- JOURNALS/11-PENETRATION-TESTING-TOOLS-PROS- USE/DOCVIEW/2435334794/SE-2?ACCOUNTID=42685

Shivkar, P. 4 (2020, APR 01). Focus: The importance of security testing for web and mobile apps. 2 OPEN SOURCE FOR YOU, RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN?URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/MAGAZINES/FOCUS-IMPORTANCE-SECURITY- TESTING-WEB-MOBILE-APPS/DOCVIEW/2390594123/SE-2? ACCOUNTID=42685

Tajpour, A., Ibrahim, S., & Sharifi, M. (2012). Web application security by SQL injection DetectionTools. 5 INTERNATIONAL JOURNAL OF COMPUTER SCIENCE ISSUES (IJCSI), 9(2), 332-339. 2 RETRIEVED FROM

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 4/10

HTTP://NEC.GMILCS.ORG/LOGIN?URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/SCHOLARLY-JOURNALS/WEB-APPLICATION- SECURITY-SQL-INJECTION/DOCVIEW/1035137861/SE-2?ACCOUNTID=42685

Citations (5/5)

Matched Text

1 Another student's paper

2 Another student's paper

3 Another student's paper

4 Another student's paper

5 Another student's paper

Suspected Entry: 100% match

Uploaded - Submission_Text.html

AUTOMATED TOOL FOR SQL INJECTION

Source - Another student's paper Automated tool for SQL injection

Suspected Entry: 100% match

Uploaded - Submission_Text.html

SQL INJECTION CAN BE DEFINED AS A SECURITY EXPLOIT WHERE STRUCTURED QUERY LANGUAGE CODE IS ADDED BY THE ATTACKERS TO A WEB INPUT BOX THAT WILL ALLOW THEM TO MAKE CHANGES IN THE SENSITIVE DATA BY ACCESSING UNAUTHORIZED RESOURCES

Source - Another student's paper SQL injection can be defined as a security exploit where structured query language code is added by the attackers to a web input box that will allow them to make changes in the sensitive data by accessing unauthorized resources

Suspected Entry: 98% match

Uploaded - Submission_Text.html

SQL INJECTION IS VERY DANGEROUS BECAUSE IF IT IS EXECUTED IN THE RIGHT WAY BY THE

Source - Another student's paper An SQL injection is very dangerous because if it is executed in the right way by the attackers this might

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 5/10

ATTACKERS THIS MIGHT LEAD TO UNAUTHORIZED USERS HAVING ACCESS TO SENSITIVE, PRIVATE, AND CONFIDENTIAL DATA

lead to unauthorized users having access to sensitive, private and confidential data

Suspected Entry: 99% match

Uploaded - Submission_Text.html

IN MOST CASES APPLICATION THAT USES SQL DATABASE ARE TARGET ATTACKS BY SQL INJECTION

Source - Another student's paper In most cases application that uses SQL database are target attacks by SQL injection

Suspected Entry: 99% match

Uploaded - Submission_Text.html

THE COMMON PREY FOR SQL INJECTION ATTACKS IS WEBSITES

Source - Another student's paper The common prey for SQL injection attacks is websites

Suspected Entry: 83% match

Uploaded - Submission_Text.html

MYSQL AND SQL SERVER IS THE MOST COMMON SQL DATABASES THAT ARE WIDELY RECOGNIZED (TAJPOUR, ET AL.,2012)

Source - Another student's paper MySQL and SQL server is the most common SQL databases that are widely recognized

Suspected Entry: 100% match

Uploaded - Submission_Text.html

FOR SEVERAL DECADES IN THE WEB, APPLICATION SQL HAS BEEN A COMMON VULNERABILITY THAT HAS RESULTED IN EXPLOITATION

Source - Another student's paper For several decades in the web, application SQL has been a common vulnerability that has resulted in exploitation

Suspected Entry: 99% match

Uploaded - Submission_Text.html

AUTOMATED TOOLS HAVE PLAYED A MAJOR IN ENABLING THE PREVENTION OF EXPLOITATION

Source - Another student's paper Automated tools have played a major in enabling the prevention of exploitation of SQL databases that result in exposing data to attackers

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 6/10

OF SQL DATABASES THAT RESULT IN THE EXPOSING OF DATA TO ATTACKERS

Suspected Entry: 97% match

Uploaded - Submission_Text.html

THE USE OF THE AUTOMATED TOOL IS AN IMPORTANT STEP TO PROVIDE SECURITY TO THE DATABASES BECAUSE THEY ARE HIGHLY CONFIGURABLE

Source - Another student's paper The use of an automated tool is an important step to provide security to the databases because they are highly configurable

Suspected Entry: 92% match

Uploaded - Submission_Text.html

THEREFORE, THE USE OF AUTOMATED TOOLS HELPS IN IMPROVING THE SECURITY OF DATABASES AWAY FROM ATTACKERS WHO MIGHT INTERFERE WITH THE LANGUAGE USED

Source - Another student's paper Therefore, the use of an automated tool helps in improving the security of databases away from attackers who might interfere with the language used

Suspected Entry: 75% match

Uploaded - Submission_Text.html

ON THE OTHER HAND, CONSTANTIN(2020), SAYS THAT WEB APPLICATIONS ARE CONSIDERED TO BE THE COMMON PREY FOR SQL INJECTION

Source - Another student's paper Web applications are considered to be the common prey for SQL injection

Suspected Entry: 100% match

Uploaded - Submission_Text.html

WHEN WEB APPLICATION DEVELOPERS COME UP WITH AN APPLICATION, THEY DO IT IN THE RIGHT MANNER

Source - Another student's paper When web application developers come up with an application they do it in the right manner

Suspected Entry: 100% match

Uploaded - Submission_Text.html

HOWEVER, SQL INJECTION ALLOWS THE ATTACKERS TO INTRODUCE NEW INPUT VALUES

Source - Another student's paper However, SQL injection allows the attackers to introduce new input values that might affect the

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 7/10

THAT MIGHT AFFECT THE BEHAVIOR AND FUNCTIONING OF THE APPLICATION CONTRARY TO THE INTENTION OF THE WEB DEVELOPERS

behavior and functioning of the application contrary to the intention of the web developers

Suspected Entry: 99% match

Uploaded - Submission_Text.html

THIS IS BECAUSE ATTACKERS HAVE ROOM TO INTRODUCE NEW VALUES AS IT IS MORE VULNERABLE TO RISKS

Source - Another student's paper This is because attackers have room to introduce new values as it is more vulnerable to risks

Suspected Entry: 90% match

Uploaded - Submission_Text.html

SQL MAP IS A PENETRATION TESTING TOOL THAT IS NORMALLY USED TO AUTOMATE THE PROCESS OF TAKING OVER DATABASE SERVERS AND EXPLOITING AND DETECTING SQL INJECTIONS

Source - Another student's paper Sqlmap is a penetration testing tool that is normally used to automate the process of taking over database servers and exploiting and detecting of SQL injections

Suspected Entry: 99% match

Uploaded - Submission_Text.html

THE OPEN-SOURCE PENETRATION TOOL PLAYS AN IMPORTANT ROLE BY INSERTING MALICIOUS CODES AND DETECTING AND EXPLOITING DATABASE VULNERABILITY

Source - Another student's paper The open-source penetration tool plays an important role by inserting malicious codes and detecting and exploiting database vulnerability

Suspected Entry: 94% match

Uploaded - Submission_Text.html

THEREFORE THE USE OF SQLMAP HELPS IN IMPROVING THE SECURITY OF THE DATABASE BY REDUCING VULNERABILITIES IN THE WEB APPLICATION

Source - Another student's paper Therefore the use of sqlmap helps in improving the security of the database through reducing vulnerabilities in the web application

Suspected Entry: 100% match

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 8/10

Uploaded - Submission_Text.html

THEREFORE SQLMAP IS USED TO DETECTING AND EXPLOITING VULNERABILITY HENCE REDUCING RISKS TO THE DATABASE

Source - Another student's paper Therefore sqlmap is used to detecting and exploiting vulnerability hence reducing risks to the database

Suspected Entry: 100% match

Uploaded - Submission_Text.html

THE ADVANCEMENT IN TECHNOLOGY HAS CAUSED DATA SECURITY TO BE A VERY IMPORTANT FACTOR TO CONSIDER

Source - Another student's paper The advancement in technology has caused data security to be a very important factor to consider

Suspected Entry: 98% match

Uploaded - Submission_Text.html

THIS IS BECAUSE ATTACKERS MIGHT ACCESS CREDENTIAL INFORMATION USING MALICIOUS CODES IN THE DATABASE

Source - Another student's paper This is because attackers might access to credential information using malicious codes in the database

Suspected Entry: 99% match

Uploaded - Submission_Text.html

THEREFORE WEB APPLICATION DEVELOPERS WANT TO DEVELOP APPLICATIONS THAT WILL HAVE A MINIMAL VULNERABILITY TO RISK

Source - Another student's paper Therefore web application developers want to develop applications that will have a minimal vulnerability to risk

Suspected Entry: 100% match

Uploaded - Submission_Text.html

THE USES OF AUTOMATED TOOLS HAVE PLAYED AN IMPORTANT ROLE IN EXPLOITING AND DETECTING VULNERABILITY HENCE REDUCING RISK

Source - Another student's paper The uses of automated tools have played an important role in exploiting and detecting vulnerability hence reducing risk

Suspected Entry: 79% match

Uploaded - Submission_Text.html Source - Another student's paper

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attempt… 9/10

CSO (ONLINE), RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/TRADE- JOURNALS/APIS-ARE-BECOMING-MAJOR- TARGET-CREDENTIAL/DOCVIEW/2358106634/SE- 2?ACCOUNTID=42685

CSO (Online), Retrieved from http://nec.gmilcs.org/login?url=https://www- proquest-com.nec.gmilcs.org/trade-journals/medical- devices-at-risk-5-capabilities- that/docview/1915543574/se-2?accountid=42685

Suspected Entry: 79% match

Uploaded - Submission_Text.html

CSO (ONLINE), RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/TRADE-JOURNALS/11- PENETRATION-TESTING-TOOLS-PROS- USE/DOCVIEW/2435334794/SE-2? ACCOUNTID=42685

Source - Another student's paper CSO (Online), Retrieved from http://nec.gmilcs.org/login?url=https://www- proquest-com.nec.gmilcs.org/trade-journals/medical- devices-at-risk-5-capabilities- that/docview/1915543574/se-2?accountid=42685

Suspected Entry: 75% match

Uploaded - Submission_Text.html

OPEN SOURCE FOR YOU, RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/MAGAZINES/FOCUS- IMPORTANCE-SECURITY-TESTING-WEB- MOBILE-APPS/DOCVIEW/2390594123/SE-2? ACCOUNTID=42685

Source - Another student's paper Retrieved from http://nec.gmilcs.org/login? url=https://www-proquest- com.nec.gmilcs.org/magazines/remote-access- trojans/docview/1812982407/se-2?accountid=42685

Suspected Entry: 76% match

Uploaded - Submission_Text.html

RETRIEVED FROM HTTP://NEC.GMILCS.ORG/LOGIN? URL=HTTPS://WWW-PROQUEST- COM.NEC.GMILCS.ORG/SCHOLARLY- JOURNALS/WEB-APPLICATION-SECURITY-SQL- INJECTION/DOCVIEW/1035137861/SE-2? ACCOUNTID=42685

Source - Another student's paper Retrieved from http://nec.gmilcs.org/login? url=https://www-proquest-com.nec.gmilcs.org/trade- journals/hacking-human-is-next-cyber- threat/docview/2458774454/se-2?accountid=42685

1/21/2021 SafeAssign Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReportPrint?course_id=_53389_1&print=true&includeDeleted=true&force=true&attem… 10/10

Suspected Entry: 100% match

Uploaded - Submission_Text.html

11 PENETRATION TESTING TOOLS THE PROS USE

Source - Another student's paper 11 penetration testing tools the pros use

Suspected Entry: 100% match

Uploaded - Submission_Text.html

(2020, APR 01)

Source - Another student's paper (2020, Apr 01)

Suspected Entry: 67% match

Uploaded - Submission_Text.html

INTERNATIONAL JOURNAL OF COMPUTER SCIENCE ISSUES (IJCSI), 9(2), 332-339

Source - Another student's paper International Journal of Computer Science Issues (IJCSI), 8(3), 332-343