UPM Institutional Repository

Prevention of attack on Islamic websites by fixing SQL injection vulnerabilities using co-evolutionary search approach


Umar, Kabir and Md. Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia and Abdullah @ Selimun, Mohd Taufik (2014) Prevention of attack on Islamic websites by fixing SQL injection vulnerabilities using co-evolutionary search approach. In: The 5th International Conference on Information and Communication Technology for The Muslims World (ICT4M) 2014, 17-19 Nov. 2014, Kuching, Sarawak, Malaysia. (pp. 1-6).


In recent times, there is an alarming increase in web application attacks, with significant cases, specifically, targeting Islamic websites. Since 2004, SQL Injection Vulnerabilities (SQLIVs) remains the most serious software security loopholes via which web applications are exploited. Fixing SQLIVs prior to deployment would provide very effective means of protection against such exploits. Ideally, SQLIVs fixing includes four main phases: SQLIVs detection, fix generation, fix application, and fix effectiveness verification. Most existing research works address different phases separately. There is no single research that addresses the four phases in a seamless integrated automation. This paper presents instances of attack on Islamic websites, and then propose framework for seamless integrated and automated SQLIVs fixing for web application, as part of an ongoing research work. The framework employs Evolutionary Programming to establish competitive co-evolution of web applications and test sets, in which fitness of evolved web applications is evaluated based on their ability to defend test attacks and pass legitimate input tests.

Download File

Full text not available from this repository.

Additional Metadata

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.1109/ICT4M.2014.7020604
Publisher: IEEE (IEEE Xplore)
Keywords: Automated vulnerabilities fixing; Evolutionary programming; Islamic websites; SQL injection; Web attack
Depositing User: Nursyafinaz Mohd Noh
Date Deposited: 18 Jun 2015 03:07
Last Modified: 08 Jun 2016 08:33
Altmetrics: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7020604
URI: http://psasir.upm.edu.my/id/eprint/38838
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item