SQLi vulnerabilty in education sector websites of Bangladesh
- Resource Type
- Conference
- Authors
- Alam, Delwar; Bhuiyan, Touhid; Kabir, Md. Alamgir; Farah, Tanjila
- Source
- 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec) Information Security and Cyber Forensics (InfoSec), 2015 Second International Conference on. :152-157 Nov, 2015
- Subject
- Communication, Networking and Broadcast Technologies
Databases
Education
Uniform resource locators
Information security
Forensics
Government
Blind injection
Error based injection
Double query
SQLi
- Language
Bangladesh has announced every Government & Non -Government school and colleges must website. The websites have to include all data and information every school and colleges. The goal of this initiative is to ensure equal quality of education and to provide education to the remote areas of the country. Though is a very new concept yet an appreciable number of institutes have already started shifting their systems online. While this advancement is commendable yet there are drawbacks such as security risks of these websites and the data in them. One of the easiest yet treacherous security risks of website is SQLi. This paper focuses on various types of SQLi vulnerabilities such as: normal, error based double query, and blind injection techniques and their aggression on the educational websites of Bangladesh. Manual penetration testing with black box approach has been implemented in number of web applications to check the vulnerabilities. The data found has been analyzed to draw statistical conclusion of the present condition of the educational websites of Bangladesh.