Ontology for Blind SQL Injection

Authors

  • Jean Rosemond Dora Institute of Informatics, Slovak Academy of Sciences, Dúbravská cesta 9, 845 07 Bratislava, Slovakia
  • Ladislav Hluchý Institute of Informatics, Slovak Academy of Sciences, Dúbravská cesta 9, 845 07 Bratislava, Slovakia
  • Karol Nemoga Institute of Mathematics, Slovak Academy of Sciences, Štefánikova 49, 811 04 Bratislava, Slovakia

DOI:

https://doi.org/10.31577/cai_2023_2_480

Keywords:

SQL injection, blind SQL, vulnerability, weakness, ontology, semantic web, information security, cyber threats, website security, web application vulnerabilities, attack detection

Abstract

In cyberspace, there exists a prevalent problem that heavily occurs to web application databases and that is the exploitation of websites by using SQL injection attacks. This kind of attack becomes more difficult when it comes to blind SQL vulnerabilities. In this paper, we will first make use of this vulnerability, and subsequently, we will build an ontology (OBSQL) to address the detection of the blind SQL weakness. Therefore, to achieve the exploitation, we reproduce the attacks against a website in production mode. We primarily detect the presence of the vulnerability, after we use our tools to abuse it. Last but not least, we prove the importance of applying ontology in cybersecurity for this matter. The mitigation techniques in our ontology will be addressed in our future work.

Downloads

Download data is not yet available.

Downloads

Published

2023-05-30

How to Cite

Dora, J. R., Hluchý, L., & Nemoga, K. (2023). Ontology for Blind SQL Injection. Computing and Informatics, 42(2), 480–500. https://doi.org/10.31577/cai_2023_2_480

Most read articles by the same author(s)

1 2 3 > >>