Research Interests

Web Application Security


Internet Security

Social Engineering


A taxonomy of SQL injection detection and prevention techniques

Abstract: While the use of the internet for offering online services is increasing every day, security threats on the web have also increased dramatically. One of the most serious and dangerous web application vulnerabilities is SQL injection. A SQL injection attack takes place by inserting a portion of a malicious SQL query through a non-validated user input into the legitimate query statement. Consequently, the database management system executes these commands, which leads to SQL injection. A successful SQL injection attack interferes with the confidentiality, integrity and availability of information in the database. Based on statistical research, this type of attack has had a high impact on business. Finding a proper solution to stop or mitigate SQL injection is necessary. To address this problem, security researchers have introduced different techniques to develop secure code, prevent SQL injection attacks and detect them. In this paper, we present a comprehensive review of different types of SQL injection detection and prevention techniques. We critique the strengths and weaknesses of each technique. Such a structural classification would further help other researchers to choose the right technique for further studies.

SQL injection is still alive: a study on SQL injection signature evasion techniques

Abstract: SQL injection is one of the biggest challenges for web application security. Based on studies by OWASP, SQL injection has the highest rank among web-based vulnerabilities. In case of a successful SQL injection attack, the attacker can gain access to the web application database. With the rapid rise of SQL injection based attacks, researchers have started to provide different security solutions to protect web applications against them. One of the most common solutions is the use of web application firewalls. Usually, these firewalls use a signature-based technique as the core of their detection. In this technique, the firewall checks each packet against a list of predefined SQL injection attacks known as signatures. The problem with this technique is that an attacker with a good knowledge of the SQL language can change the look of the SQL queries in such a way that the firewall cannot detect them, yet they still lead to the same malicious results. In this paper, we first describe the nature of the SQL injection attack, then analyze current SQL injection detection evasion techniques and how they can bypass the detection filters, and afterward propose a combination of solutions which helps to mitigate the risk of SQL injection attacks.

A taxonomy of SQL injection attacks

Abstract: Nowadays web applications play an important role in online business, including social networks, online services, banking, shopping, classes, email and so on. Ease of use and ease of access make web applications more popular for offering online services instead of in-person services. A user just needs a computer and an internet connection to access a web application and use the online services it provides. All dynamic web applications have one core feature in common: they need a database to store information and to retrieve it upon user request, or to add, edit and delete it. Among all database types, relational databases are very popular. Most relational database management systems, such as MySQL, Oracle, MS SQL Server, MS Access and Postgres, use SQL as their language. The flexibility of SQL makes it a powerful language. It allows the user to ask for the information he wants without having any knowledge of how the information will be fetched. However, the vast use of SQL-based databases makes them the center of attention for hackers. The SQL injection attack is a well-known security threat to database-driven web applications. A successful SQL injection attack reveals critical confidential information to the hacker. In this paper, we first provide background information on this vulnerability. Next, we present a comprehensive review of the different types of SQL injection attack. For each attack we provide an example that shows how the attack is launched. Finally, we propose the best solution at the development phase to defeat SQL injection, followed by the conclusion.

Security threats in online social networks

Abstract: While the popularity of online social networks is rising every day, the security threats to the users of these networks have also increased dramatically. Many people find social networks very interesting because they offer a wide range of online services for socializing with friends and people who have similar interests. However, sharing these interests online and using these services without considering the security factor can lead a user to become the victim of a hacker. There are many different types of threats that might put social network users at cybersecurity risk. In this study, we discuss different common types of social network threats and provide solutions to mitigate the security risks of using social networks.

Detecting and Preventing DDoS Attacks in Botnets by the Help of Self Triggered Black Holes

Abstract: Among the various types of computer threats, botnets are the most serious one for cyber security, as they enable several illegal activities such as denial of service attacks, spamming, click fraud and other types of espionage activities. A botnet is a network of infected computers called bots, which are under the control of one person known as the Botmaster. The Botmaster has full control over the compromised machines through the command and control (C&C) channels, which allow the Botmaster to update the botnet and add new features to it. Distributed Denial of Service (DDoS) is one of the deadliest attacks in the history of network security and is carried out by botnets. Many different solutions against this attack have been proposed so far. One of these techniques is Remote Triggered Black Hole filtering for stopping DDoS attacks by botnets. The main drawback of this technique is that the trigger is located at the victim's premises, and in case of an attack the network between the trigger and the routers will be saturated by attack traffic. Therefore, the trigger cannot effectively communicate with the routers to ask them to stop the traffic from the source IP. This paper proposes an improved framework that performs black hole filtering at the edge of the internet service provider without the need for the trigger (Self Triggered). The most tangible improvements in our framework are stopping DDoS attacks before they enter the victim's premises, and ease of tracking and reporting the compromised machines for further cleaning.

SQL injection vulnerability general patch using header sanitization

Abstract: SQL injection is one of the well-known web application vulnerabilities. SQL injection is a type of attack in which the attacker attempts to insert a malicious SQL query through non-sanitized variables into the web application. Consequently, the web application concatenates the variable with the legitimate query and sends it to the database for execution. As a result of a successful SQL injection attack, the attacker can read from the database or modify entities of the database (Insert, Delete, Update). Currently, different types of defense systems are available to defeat this vulnerability. However, some of these techniques require stopping the existing web application to patch the vulnerability, and since this process might be time-consuming, it is not very practical for companies to stop their online services. To address this problem, we propose a model which can generally patch the SQL injection vulnerability. The model does not depend on the language in which the web application is written, and the amount of necessary changes in the application is low. The model can be implemented as a library which can be included in the vulnerable web application by calling one line of code.

A Comprehensive Android Evidence Acquisition Framework

Abstract: Android is the most popular operating system among all smartphones. This popularity has increased the chances that an Android phone will be involved in a crime, either in the possession of a criminal or in the possession of a victim. Many techniques exist that help the investigator to gather and extract evidence from Android smartphones. Each of these techniques has some advantages, disadvantages, and limitations. Therefore, the investigator should have knowledge of all available data acquisition techniques. Data that can be potential evidence is present in different parts of an Android device. Therefore, during the forensic acquisition process, the order of volatility should be considered. In this study, we introduce a comprehensive framework for data acquisition from Android smartphones. Then we describe the details of each step.

Analysis of WPS Security in Wireless Access Points

Abstract: The use of wireless technology for ease of communication is growing rapidly. Such transmission channels might contain valuable information; therefore, securing these networks is compulsory to ensure the confidentiality of information. Currently there are a few main security standards for securing wireless networks, and configuring these networks requires moderate networking skills. WPS stands for Wi-Fi Protected Setup, a standard that was introduced by the Wi-Fi Alliance in 2007 to make the process of establishing a secure wireless network more convenient for users. Currently, all certified wireless equipment might have the Wi-Fi Protected Setup feature. This standard allows users with little or no knowledge of networking to set up a secure wireless network or add new devices to their existing network without the hassle of entering the password. Currently, almost all well-known brands of wireless networking equipment that are on the market or already in use are WPS-certified, and the WPS feature is enabled in them by default. In December 2011 a researcher found a security flaw that allows an attacker to perform a brute-force attack against the WPS PIN. As a result of a successful attack, the PIN code of the network is revealed and the attacker can gain access to the wireless network. This paper aims to analyze this security issue with practical implementation and attacks, followed by the solution.

An Improved SQL Injection Detection Model in Signature Based IDS Using Tree Structure

Abstract: While the use of online services on the Internet increases every day, the number of security threats also grows dramatically. One of the most serious and dangerous web application attacks is SQL injection (SQLI). This attack takes place by inserting a portion of a malicious SQL query through a non-validated user input into the legitimate query statement; consequently, the database management system executes these commands, which eventually leads to an SQL injection. A successful SQL injection attack interferes with the confidentiality, integrity and availability of information in the database. Based on statistical research, this type of attack has had a high impact on business, so it is necessary to find a proper solution to stop or mitigate the attack. One of the most used solutions for detecting SQLI attacks is the use of Intrusion Detection Systems (IDS). IDSs use many techniques to detect potential attacks, but signature-based techniques are likely to be more successful in terms of correct detection. The main drawback of this technique is that it needs many rule sets or signatures against which to compare the input data, and this can be time and resource consuming. Even when the SQL request is legitimate, it needs to be compared against all the signatures. In this research, all types of SQL injection attacks were studied, and current techniques and tools for the detection and prevention of SQL injection were reviewed. This research reviewed the most relevant solutions for improving the performance of signature-based IDSs. An improved model of SQL injection detection using a tree structure is proposed. Finally, the performance of the proposed model was tested and evaluated by building a prototype.