AN ONLINE SQL VULNERABILITY ASSESSMENT TOOL AND ITS IMPACT ON SMEs
Abstract
Information security has received everyone's attention, especially during the global Covid-19 pandemic. SMEs are looking for solutions that offer greater security while keeping their activities running normally. Our research aims to measure the benefits of using an online Vulnerability Assessment SQL tool (VA SQL). In the study, an experiment with various tools shows different results in the findings. We present best practice and a model of a proactive approach to analyzing database security using Microsoft technology. Currently, many scripts or external tools are needed to identify and fix vulnerabilities. The findings and demonstration of the study should reveal and support our main hypothesis that there is a direct link between database security and the main factors that threaten the data and put it at risk. In this paper, we present VA SQL, a model for discovering, tracking and fixing potential database security gaps in different information systems and web application databases.
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.