SQLi vulnerabilty in education sector websites of Bangladesh

摘要

Bangladesh has announced every Government & Non -Government school and colleges must website. The Web sites have to include all data and information every school and colleges. The goal of this initiative is to ensure equal quality of education and to provide education to the remote areas of the country. Though is a very new concept yet an appreciable number of institutes have already started shifting their systems online. While this advancement is commendable yet there are drawbacks such as security risks of these Web sites and the data in them. One of the easiest yet treacherous security risks of website is SQLi. This paper focuses on various types of SQLi vulnerabilities such as: normal, error based double query, and blind injection techniques and their aggression on the educational Web sites of Bangladesh. Manual penetration testing with black box approach has been implemented in number of Web applications to check the vulnerabilities. The data found has been analyzed to draw statistical conclusion of the present condition of the educational Web sites of Bangladesh.