One approach to the testing of security of proposed database application software

Authors:
Siniša S. Ilić;Ljubomir Lazić;Petar Spalević
Affiliations:
Department of Computer Sciences, University of Priština, Kosovska Mitrovica, Serbia;Department of Computer Sciences, University of Priština, Kosovska Mitrovica, Serbia;Department of Computer Sciences, University of Priština, Kosovska Mitrovica, Serbia
Venue:
Proceedings of the 15th WSEAS international conference on Computers
Year:
2011

Citing 9
Cited 0

RSA security's official guide to cryptography

RSA security's official guide to cryptography
DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
A new intrusion detection system using support vector machines and hierarchical clustering

The VLDB Journal — The International Journal on Very Large Data Bases
Policy-Based Enforcement of Database Security Configuration through Autonomic Capabilities

ICAS '08 Proceedings of the Fourth International Conference on Autonomic and Autonomous Systems
Towards Automation of Testing High-Level Security Properties

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast

Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast
Automatic creation of SQL Injection and cross-site scripting attacks

ICSE '09 Proceedings of the 31st International Conference on Software Engineering
SQL Injection Attacks and Defense

SQL Injection Attacks and Defense

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the concept of database configuration and development considering security issues especially when connected to internet. Regardless of precautions on security voulnerabilities implemented on other levels of database environment, such as: network, operating system, client application, it is important to protect database itself by avoiding well known database security issues. In order to prove that proposed configuration has a high level of security protection, security testing has to be performed. The overall goal of security testing is to reduce vulnerabilities within a software system and we have proposed testing methodology including code review and vulnerability assessment that represent the most widespread of best practices for software security assurance.