Graduation Year

2015

Document Type

Thesis

Degree

M.S.C.S.

Degree Name

MS in Computer Science (M.S.C.S.)

Degree Granting Department

Engineering

Major Professor

Yicheng Tu, Ph.D.

Committee Member

Jay Ligatti, Ph.D.

Committee Member

Yao Liu, Ph.D.

Keywords

bisection, inferential, microsoft sql server, security, web attacks

Abstract

SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.

Share

COinS