Journal: International Journal on Computer Science and Engineering

SQL INJECTION ATTACK IN WEB APPLICATION AND ITS MITIGATION USING PREVENTION MECHANISM TO SECURE WEB APPLICATION DATABASE

Abstract

Nowadays cyber-attacks are increasing extremely on web applications, mobile apps, and networks, which are more vulnerable for websites and web applications. In Vulnerability Assessment and Penetration Testing, the most vulnerable attack on websites and web applications is SQL Injection. SQL Injection is a type of attack in which the attacker tries to fetch the database by manipulating SQL queries. SQL Injection is a common but the most popular attack, in which the attacker intercepts the HTTP request in which the SQL query is passed with parameters, so the attacker gains access to the SQL database in the backend. This attack is the most vulnerable because the attacker attacks the database of the website and retrieves data from the tables. Authentication bypass, data breach, reading source code from files on the database server, admin panel access, and web application firewall bypass (mod security) can be done with SQL Injection. This research paper deals with how an attacker can bypass the web application firewall which is enabled before web site hosting, and also with developing a mechanism which can be helpful to prevent SQL Injection on websites and web apps. I proposed a model using a penetration testing technique which is useful to identify the false negative and false positive responses of the WAF. This model guarantees the prevention of SQL Injection by applying the custom whistling.