Online Change of Grade Attack Using SQL Injection Case Study: FUTA Cyber Security Department

The International Journal of Science & Technoledge Pub Date : 2023-05-08 DOI:10.24940/theijst/2023/v11/i4/st2304-002

Julianah F. Amos, Boniface K. Alese, Olumide Obe, Otasowie Owolafe, Ayorinde O. Idowu

{"title":"Online Change of Grade Attack Using SQL Injection Case Study: FUTA Cyber Security Department","authors":"Julianah F. Amos, Boniface K. Alese, Olumide Obe, Otasowie Owolafe, Ayorinde O. Idowu","doi":"10.24940/theijst/2023/v11/i4/st2304-002","DOIUrl":null,"url":null,"abstract":"Advancement in technology has made many universities to adopt the system of storing students' results in online databases in both developed and developing countries for easy accessibility and to eliminate redundancy. However, these are subject to different types of attacks ranging from hardware to software attacks. In Federal University of Technology Akure (FUTA), Cyber Security department is not left out because attackers contribute a potential threat to the institution's information security. There are various methods attackers can use to carry out this malicious act, but this research considered SQL injection attacks. The researcher reviews related works, designs and implements student database applications for FUTA Cyber Security department. The research demonstrates how SQL injection can be used to change student grades and preventive measures to minimize SQL injection attacks, such as avoiding sharing database accounts using different sites or applications, regular updates of database software, regular update of security patches and passwords and regular scanning of web applications with a web vulnerability scanner.","PeriodicalId":153770,"journal":{"name":"The International Journal of Science & Technoledge","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Journal of Science & Technoledge","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.24940/theijst/2023/v11/i4/st2304-002","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Advancement in technology has made many universities to adopt the system of storing students' results in online databases in both developed and developing countries for easy accessibility and to eliminate redundancy. However, these are subject to different types of attacks ranging from hardware to software attacks. In Federal University of Technology Akure (FUTA), Cyber Security department is not left out because attackers contribute a potential threat to the institution's information security. There are various methods attackers can use to carry out this malicious act, but this research considered SQL injection attacks. The researcher reviews related works, designs and implements student database applications for FUTA Cyber Security department. The research demonstrates how SQL injection can be used to change student grades and preventive measures to minimize SQL injection attacks, such as avoiding sharing database accounts using different sites or applications, regular updates of database software, regular update of security patches and passwords and regular scanning of web applications with a web vulnerability scanner.

查看原文本刊更多论文

基于SQL注入的在线等级变更攻击案例研究:FUTA网络安全部门

技术的进步使发达国家和发展中国家的许多大学都采用了将学生成绩存储在在线数据库中的系统，以便于访问和消除冗余。然而，这些都受到不同类型的攻击，从硬件攻击到软件攻击。在阿库尔联邦科技大学(FUTA)，网络安全部门并没有被排除在外，因为攻击者对该机构的信息安全构成了潜在威胁。攻击者可以使用各种方法来执行这种恶意行为，但本研究考虑的是SQL注入攻击。研究人员回顾了相关工作，设计并实现了FUTA网络安全部门的学生数据库应用程序。该研究展示了如何使用SQL注入来改变学生的成绩，以及减少SQL注入攻击的预防措施，例如避免使用不同的网站或应用程序共享数据库帐户，定期更新数据库软件，定期更新安全补丁和密码，以及使用web漏洞扫描仪定期扫描web应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The International Journal of Science & Technoledge

自引率

0.00%

发文量