Review and Measuring the Efficiency of SQL Injection Method in Preventing E-Mail Hacking

Ahmed A. M. Sharadqeh; As'ad Mahmoud Alnaser; Omar Al Heyasat; Ashraf Abdel-Karim Abu-Ein; Hazem (Moh'd Said) Hatamleh

doi:10.4236/ijcns.2012.56044

International Journal of Communications, Network and System Sciences > Vol.5 No.6, June 2012

Review and Measuring the Efficiency of SQL Injection Method in Preventing E-Mail Hacking

Ahmed A. M. Sharadqeh, As'ad Mahmoud Alnaser, Omar Al Heyasat, Ashraf Abdel-Karim Abu-Ein, Hazem (Moh'd Said) Hatamleh
Computer Engineering Department, Al-Balqa’ Applied University, Salt, Jordan.
Computer Engineering Department, Faculty of Engineering Technology, Al-Balqa’ Applied University, Amman, Jordan.
Computer Science Department, Ajloun University College, Al-Balqa’ Applied University, Ajloun, Jordan.
DOI: 10.4236/ijcns.2012.56044 PDF HTML 4,759 Downloads 8,357 Views Citations

Abstract

E-mail hackers use many methods in their work, in this article, most of such efficient methods are demonstrated and compared. Different methods and stages of such methods are listed here, in order to reveal such methods and to take care of them but the most common discussed method in this paper is SQL method. SQL injection is a type of security exploit in which the attacker adds SQL statements through a web application's input fields or hidden parameters to gain access to resources or make changes to data. It is found that the SQL is an efficient way in preventing E-mail hacking and its efficiency reaches about 80%. The method of SQL injection can be considered as an efficient way comparing with other methods.

Keywords

E-Mail; Hackers; SQL; Security

Share and Cite:

A. Sharadqeh, A. Alnaser, O. Heyasat, A. Abu-Ein and H. Hatamleh, "Review and Measuring the Efficiency of SQL Injection Method in Preventing E-Mail Hacking," International Journal of Communications, Network and System Sciences, Vol. 5 No. 6, 2012, pp. 337-342. doi: 10.4236/ijcns.2012.56044.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	C. Cerrudo, “Manipulating Microsoft SQL Server Using SQL Injection,” Application Security, Inc., 2005. http://research.mwjournal.com/detail/RES/1124462486_292.html
[2]	D. Das, U. Sharma and D. K. Bhattacharyya, “An Approach to Detection of SQL Injection Attack Based on Dynamic Query Matching,” International Journal of Computer Applications, Vol. 1, No. 25, 2010, pp. 28-34.
[3]	G. B. Shelly, T. J. Cashman and M. E. Vermaat, “Discovering Computers 2005: A Gateway to Information,” Course Technology, Boston, 2004.
[4]	K. Stasiak, “Web Application Security,” Information Systems Control Journal, Vol. 6, 2002. http://www.isaca.org/Content/ContentGroups/Journal1/20023/Web_Application_Security.htm
[5]	P. Carey, “Creating Web Pages with HTML and Dynamic HTML,” Course Technology, Boston, 2001.
[6]	M. Roche, “Wireless Hacking Tools,” 2007. http://www.cse.wustl.edu/~jain/cse57107/ftp/wireless_hacking/2007
[7]	S. Garfenkel and G. Spafford, “Secure AGI/CGI Programming,” World Wide Web Journal, Vol. 2, No. 3, 1997. http://www.w3j.com/7/s3.garfinkel.wrap.html.
[8]	W. Ke, M. Muthuprasanna and S. Kothari, “Preventing SQL Injection Attacks in Stored Procedures,” Proceedings of the Australian Software Engineering Conference, Brisbane, 31 March-1 April 2005, pp. 191-1978.
[9]	F. M. Pinguelo and B. W. Muller, “Virtual Crimes, Real Damages Part II,” Virginia Journal of Law & Technology, Vol. 17, No. 1, 2010.

Journals Menu

Follow SCIRP

	+1 323-425-8868
	customer@scirp.org
	+86 18163351462(WhatsApp)
	1655362766

	Paper Publishing WeChat

Journals Menu

Home

About SCIRP

Service

Policies