Culminating Project Title

Early SQL Injection Detection

Date of Award

12-2016

Culminating Project Type

Thesis

Degree Name

Information Assurance: M.S.

Department

Information Assurance and Information Systems

College

Herberger School of Business

First Advisor

Jim Q. Chen

Second Advisor

Dennis Guster

Third Advisor

Balasubramanian Kasi

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

early alert, IP address, user level by device fingerprinting, three-way handshake, hackers, analyzing IP address

Abstract

Computer security is a moving target that moves or increases with the growth of technology. Organizations in the 21st century have to create and/or adopt new technologies in order to stay in business and be competitive. These new technologies involve thousands of lines of code written in programming languages and spanning servers and database engines. Along with the growth of technology, organizations’ IT professionals are trying to prevent hackers from breaching valuable data by locking all vulnerable doors that hackers might use to access a system. While IT professionals are trying to lock all vulnerable doors, hackers need only one door to hack a given system using one of the hacking methods available. One of the most used hacking methods, and one of the most concerning for security, is SQL Injection, which hackers use to bypass a system by gaining unauthorized access to retrieve or modify valuable data such as Social Security Numbers, bank information, health records, etc. SQL Injection can be achieved by injecting SQL commands into a SQL statement via a web page. There are a number of SQL Injection methods used to gain unauthorized access to a given system; however, SQL Injection through the Sign-in/Log-in process is the most used technique, accounting for 63% of all SQL injection types used [1]. Therefore, this research focuses on SQL Injection through the Sign-in/Log-in process and presents a new way of alerting the system admin of any SQL Injection attempts and blocks, as well as any further access attempts by the same user (abuser).

Comments/Acknowledgements

First, I would like to express my sincere gratitude to my advisor Dr. Jim Chen for the continuous support of my study and research, for his patience, motivation, enthusiasm, and immense knowledge. Besides my advisor, I would like to thank the rest of my thesis committee, Dr. Dennis Guster and Dr. Balasubramanian Kasi, for their encouragement and insightful comments.

I would also like to thank my colleagues from my internship at TelCom Construction, Inc. for their wonderful collaboration. You supported me greatly and were always willing to help me. I would particularly like to single out my supervisors at TelCom Construction Inc., Mr. Randy Linn and Mr. Lucas Bohnenkamp. Randy and Lucas, I want to thank you for your excellent cooperation and for all of the opportunities I was given to conduct my research and further my thesis at TelCom Construction Inc.

In addition, I would like to thank my classmate, Hazem Farra, for his valuable guidance and help. You definitely provided me with information I was looking for in regards to hosting my test website for this research.

I must express my very profound gratitude to my parents and to my wife for providing me with unfailing support and continuous encouragement throughout my years of study and through the process of researching and writing this thesis. This accomplishment would not have been possible without them. Lastly, I would like to further thank my sunshine and the love of my life, my wife. You have provided me with strength when I was weak and encouraged me when I felt down. Throughout the course of my study, you have patiently and strongly supported me and stood by my side. You handled my moodiness that is due to pressure and extra study with the utmost tolerable fashion. You turned every hard moment into a moment of encouragement and support. It is through your love, support and unconditional patience that I am able to achieve everything. For that, I thank you and hope that I make you proud.

Thank you very much, everyone!
