通过抓旗演习加强数据库安全

2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES) Pub Date : 2022-08-12 DOI:10.1109/INES56734.2022.9922636

Ruben Hubert, Anna Bánáti, L. Erdődi, Rita Fleiner

{"title":"通过抓旗演习加强数据库安全","authors":"Ruben Hubert, Anna Bánáti, L. Erdődi, Rita Fleiner","doi":"10.1109/INES56734.2022.9922636","DOIUrl":null,"url":null,"abstract":"Database security has a key role when protecting websites and other IT services. Attacks against databases could result in the leak of confidential data or integrity related security issues. One of the best options to protect services that utilize databases is to simulate real attacks against these. This paper focuses on capture the flag (CTF) style attack simulation and compare existing CTF challenges in the field of database security. The aim was to map the existing databases weaknesses and vulnerabilities into CTF style problems and help penetration testers to understand different attack scenarios against services with database connections. We identified several database related vulnerabilities that are usually not covered by CTF style challenges and a discussion is made how these missing fields could be added to the most well-known offensive security exercises.","PeriodicalId":253486,"journal":{"name":"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Strengthening Database Security with Capture the Flag Exercises\",\"authors\":\"Ruben Hubert, Anna Bánáti, L. Erdődi, Rita Fleiner\",\"doi\":\"10.1109/INES56734.2022.9922636\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Database security has a key role when protecting websites and other IT services. Attacks against databases could result in the leak of confidential data or integrity related security issues. One of the best options to protect services that utilize databases is to simulate real attacks against these. This paper focuses on capture the flag (CTF) style attack simulation and compare existing CTF challenges in the field of database security. The aim was to map the existing databases weaknesses and vulnerabilities into CTF style problems and help penetration testers to understand different attack scenarios against services with database connections. We identified several database related vulnerabilities that are usually not covered by CTF style challenges and a discussion is made how these missing fields could be added to the most well-known offensive security exercises.\",\"PeriodicalId\":253486,\"journal\":{\"name\":\"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-08-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INES56734.2022.9922636\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INES56734.2022.9922636","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

数据库安全在保护网站和其他IT服务方面起着关键作用。对数据库的攻击可能导致机密数据泄漏或与完整性相关的安全问题。保护使用数据库的服务的最佳选择之一是模拟针对这些服务的真实攻击。本文重点研究了捕获标志(CTF)类型的攻击仿真，并比较了数据库安全领域中现有的CTF攻击挑战。其目的是将现有的数据库弱点和漏洞映射为CTF风格的问题，并帮助渗透测试人员了解针对具有数据库连接的服务的不同攻击场景。我们确定了几个数据库相关的漏洞，这些漏洞通常不包括在CTF风格的挑战中，并讨论了如何将这些缺失的领域添加到最著名的攻击性安全演习中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Strengthening Database Security with Capture the Flag Exercises

Database security has a key role when protecting websites and other IT services. Attacks against databases could result in the leak of confidential data or integrity related security issues. One of the best options to protect services that utilize databases is to simulate real attacks against these. This paper focuses on capture the flag (CTF) style attack simulation and compare existing CTF challenges in the field of database security. The aim was to map the existing databases weaknesses and vulnerabilities into CTF style problems and help penetration testers to understand different attack scenarios against services with database connections. We identified several database related vulnerabilities that are usually not covered by CTF style challenges and a discussion is made how these missing fields could be added to the most well-known offensive security exercises.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 IEEE 26th International Conference on Intelligent Engineering Systems (INES)

自引率

0.00%

发文量