Ontology for Blind SQL Injection
DOI:
https://doi.org/10.31577/cai_2023_2_480
Keywords:
SQL injection, blind SQL, vulnerability, weakness, ontology, semantic web, information security, cyber threats, website security, web application vulnerabilities, attack detection
Abstract
A prevalent problem affecting web application databases is the exploitation of websites through SQL injection attacks. This kind of attack becomes more difficult when it comes to blind SQL vulnerabilities. In this paper, we first make use of this vulnerability, and subsequently build an ontology (OBSQL) to address the detection of the blind SQL weakness. To achieve the exploitation, we reproduce the attacks against a website in production mode. We first detect the presence of the vulnerability, after which we use our tools to abuse it. Last but not least, we prove the importance of applying ontology in cybersecurity for this matter. The mitigation techniques in our ontology will be addressed in our future work.