AN ONLINE SQL VULNERABILITY ASSESSMENT TOOL AND ITS IMPACT ON SMEs


Atdhe Buja
Zana Beqiri Luma

Abstract

Information security has received everyone's attention, especially during the global Covid-19 pandemic. SMEs are looking for solutions that offer greater security and the normal functioning of their activities. Our research aims to measure the benefits of using an online Vulnerability Assessment SQL tool (VA SQL). In the study, an experiment with the various tools used shows different results in the findings. We present the best practice and a model of a proactive approach to analyzing database security using Microsoft technology. Currently, we need to have and use a lot of scripts or external tools to identify and fix vulnerabilities. The findings and demonstration of the study should reveal and support our main hypothesis that there is a direct link between database security and the main factors that threaten and put the data at risk. In this paper, we present VA SQL, a model for discovering, tracking and fixing potential database security gaps in different information systems and web application databases.

