Rusydi Umar
Imam Riadi
Purwanto Purwanto

Abstract

Recently, the use of web-based applications has increased significantly, especially online services, most of which are used for digital transactions over the internet. However, as the use of online services grows, the privacy and security aspects of an application are often ignored by web developers, making it an attractive target for attacks. In this article, the proposed countermeasures comprise two mechanisms: the use of stored procedure parameters and the use of stored procedure encryption in SQL Server. The goal is to prevent internet crime carried out through structured query language injection attacks (SQLIA). In addition, an analytical evaluation of prevention and protection should also be carried out. The solution offered is prevention and protection using stored procedures, because they can prevent SQL injection attacks effectively and efficiently.

How to Cite
Umar, R., Riadi, I. and Purwanto, P. (2021) “Database Forensics in Software as A Service Service using Stored Procedure”, Jurnal Mantik, 5(4), pp. 2127-2135. Available at: https://www.iocscience.org/ejournal/index.php/mantik/article/view/1889 (Accessed: 16 March 2025).