Prevention of Website SQL Injection Using a New Query Comparison and Encryption Algorithm
Authors : Mahmoud Baklizi, Issa Atoum, Mohammad Al-Sheikh Hasan, Nibras Abdullah, Ola A Al-Wesabi, Ahmed Ali Otoom
Abstract : Nowadays, web applications have become necessary in all organizations. They deal directly with the databases in which data and information are stored, organized, retrieved, and processed; therefore, most attacks on web applications target databases. Web applications must thus be secure enough to prevent unauthorized access to customers' databases, destruction, and theft of bank accounts and transactions. Most SQL injection attacks are carried out through character spacing, as it is the tool hackers use to find a vulnerability on the web. This paper proposes a new algorithm that stops hackers early, at the web application, before they reach the databases. The proposed algorithm is designed to protect the web application from injection by using a bind parameter, blocking the hacker's address, and rejecting his request when executing the query. The algorithm also works in more than one layer, at both the web application and URL levels, so that things are sufficiently protected. The comparison was made with the algorithms SQLPMDS, SIUQAPTT, and blind SQL injection, and the results showed that the presented algorithm gave better results on more than one measure.
Keywords : SQL Injection, Prevention, Character Spacing, SQLPMDS, SIUQAPTT, Bind SQL Injection
Research link
A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap
Authors : Mahmoud Baklizi, Issa Atoum, Nibras Abdullah, Ola A AlWesabi, Ahmed Ali Otoom, Mohammad Al-Sheikh Hasan
Abstract : SQL injection is considered one of the most dangerous threats to websites and databases; such a vulnerability enables the attacker to access the web application and the databases. Once the attacker reaches the databases, he might change or steal the data, or destroy the database utterly. Currently, with implementations of sqlmap in the literature being scarce and limited, SQL injection detection tools and methods are used without any detailed analysis of their strengths and weaknesses. This paper demonstrates different types of SQL injection with an example, shows how SQL injection is detected, presents the important tools that enable the detection of dangerous attacks in order to prevent SQL injection, and compares them according to the important performance parameter measures. Finally, with the implementation carried out on an ethical and legal website, the paper applied the most important tool, sqlmap. The implementation results reveal access to the database and extraction of the username and password.
Keywords : SQL Injection, SQLMap, SQL Tools, Blind Injection, Website Vulnerabilities
Research link
Challenges of Software Requirements Quality Assurance and Validation: A Systematic Literature Review
Authors : Issa Atoum, Mahmoud Khalid Baklizi, Izzat Alsmadi, Ahmed Ali Otoom, Taha Alhersh, Jafar Ababneh, Jameel Almalki, Saeed Masoud Alshahran
Abstract : Validation of software requirements is a primary phase in requirements engineering that ensures the requirements match the target system with the intended needs of the acquirer. It aims to detect and correct errors that prevail in the specified requirements. Although there are numerous requirements validation approaches, some software may fail because of limited or ineffective requirements validation techniques and unreliable requirements quality characteristics. In this study, a systematic literature review of requirements validation is performed. The study analyzes the most adopted validation techniques, reports requirements quality characteristics, and discovers significant challenges of validation techniques. The review identified 66 relevant primary studies, which were analyzed to derive deep insights into the following aspects of requirements validation: trends of requirements validation methods, including their sub-technique strengths and weaknesses; requirements quality characteristic categories; and the tools and datasets adopted in these techniques. We grouped validation techniques into categories: prototyping, inspection, knowledge-oriented, test-oriented, modeling and assessment, and formal models. The analysis reported 19 validation techniques, 27 tools, new requirements validation characteristics, and several challenges that prevailed across validation techniques. The trend of validation techniques is toward methods that apply machine learning with knowledge from dictionaries and ontologies. Most challenges concern how to express the requirements and how to revert clients' feedback. There is a strong relationship between validation techniques, software application domain, and requirements validation quality attributes. Thus, there is an immense need to unify the quality characteristics and domain-specific validation methods.
Keywords : Software, Tools, Stakeholders, Systematics, Requirements engineering, Bibliographies, Protocols
Research link
Holistic Cyber Security Implementation Frameworks: A Case Study of Jordan
Authors : Issa Atoum, Ahmed Otoom, Amer Abu Ali
Abstract : This article applies a previously proposed holistic cyber security implementation framework (HCS-IF) to the implementation of the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan. The NIACSS identifies strategic objectives, national priorities, and an implementation road map. For clarity, we went through the major components of the HCS-IF. This process is intended as a proof of concept; the complete analysis may take several hundred pages. Results showed that the HCS-IF is applicable to the Jordan NIACSS.
Keywords : cyber security implementation, Holistic cyber security, Security strategic controls, Strategy implementation framework
Research link
A Classification Scheme for Cybersecurity Models
Authors : Issa Atoum and Ahmed Otoom
Abstract : Cybersecurity is important for information dissemination, privacy and human life. Managing cybersecurity-related issues (such as banking hacks or phishing scams) during the development, operation, and maintenance of cybersecurity models is a challenging task. Nearly no guidance is available on how to select, adapt, combine, and evolve cybersecurity models. This problem is due to the nature of cybersecurity models, which are highly context-dependent. Therefore, cybersecurity models need to be adaptable and in accordance with the respective project goals; this, in turn, encourages decision makers to assign and plan human resources and technologies, and to enhance communication between relevant stakeholders. We defined a classification scheme, a global criterion for any cybersecurity model, and then used it to compare a large set of cybersecurity models. Results showed that our scheme is able to identify cybersecurity models based on organizational needs. Furthermore, we found a research gap with regard to cybersecurity models that need to be implemented internationally.
Keywords : cybersecurity implementation frameworks, cybersecurity strategy, threat analysis.
Research link
Effective Belief Network for Cyber Security Frameworks
Authors : Issa Atoum, Ahmed Otoom
Abstract : Cyber security frameworks direct the implementation of cyber security solutions. Managing the implementation of cyber security frameworks is a difficult task due to many problems. Some of these problems are concealed in the framework's interdependent components (variables). Various works identified these variables, but they did not show their relationships. In order to reduce potential threats at an early phase of cyber security implementations, a clear understanding of the relationships between these variables is required. This article proposes a causal cyber security belief network in order to facilitate framework execution, thus reducing threats. The proposed model was tested on random data as well as data provided by experts. The resultant belief network shows that cyber security objectives are achievable with theoretically minimal threats.
Keywords : cyber security implementation frameworks, belief networks, cyber security strategy, threat analysis.
Research link
Holistic Performance Model for Cyber Security Implementation Frameworks
Authors : Issa Atoum, Ahmed Otoom
Abstract : The performance measurement process identifies whether an implementation process is within acceptable thresholds. Performance measures for cyber security implementation frameworks are considered strategic controls because they can guide the implementation process. Consequently, corrective or predictive actions can be applied to resolve a security issue early in the implementation process. However, to our knowledge, there are no performance measures designed to function at the country level for cyber security implementation frameworks. As a result, the cyber security strategy implementation process is left uncontrolled. To resolve this issue, this article proposes a new holistic performance model that is based on the well-known balanced scorecard. It aggregates performance measures from the various entities involved in executing cyber security strategies. The inception of the proposed model draws its applicability from addressing performance measurement of holistic cyber security implementation frameworks.
Keywords : Cyber Security Implementation Frameworks, Performance Measurement, Balanced Scorecard
Research link
A Comprehensive Comparative Study of Word and Sentence Similarity Measures
Authors : Issa Atoum, Ahmed Otoom, Narayanan Kulathuramaiyer
Abstract : Sentence similarity is considered the basis of many natural language tasks such as information retrieval, question answering and text summarization. The semantic meaning between compared text fragments is based on the words' semantic features and their relationships. This article reviews a set of word and sentence similarity measures and compares them on benchmark datasets. On the studied datasets, results showed that hybrid semantic measures perform better than both knowledge-based and corpus-based measures.
Keywords : semantic Similarity, Natural Language Processing, Computational Linguistics, Text Similarity
Research link
Mining Software Quality from Software Reviews: Research Trends and Open Issues
Authors : Issa Atoum, Ahmed Otoom
Abstract : Software review text fragments contain considerably valuable information about users' experience. It includes a huge set of properties, including software quality. Opinion mining, or sentiment analysis, is concerned with analyzing textual user judgments. The application of sentiment analysis to software reviews can find a quantitative value that represents software quality. Although many software quality methods have been proposed, they are considered difficult to customize and many of them are limited. This article investigates the application of opinion mining as an approach to extract software quality properties. We found that the major issues of mining software reviews using sentiment analysis are due to the software lifecycle and the diverse users and teams.
Keywords : Software Quality-in-use, Clustering, Topic Models, Opinion Mining Tasks
Research link
Efficient Hybrid Semantic Text Similarity using Wordnet and a Corpus
Abstract : Text similarity plays an important role in natural language processing tasks such as answering questions and summarizing text. At present, state-of-the-art text similarity algorithms rely on inefficient word pairings and/or knowledge derived from large corpora such as Wikipedia. This article evaluates previous word similarity measures on benchmark datasets and then uses a hybrid word similarity in a novel text similarity measure (TSM). The proposed TSM is based on information content and WordNet semantic relations. TSM includes exact word match, the length of both sentences in a pair, and the maximum similarity between one word and the compared text. Compared with other well-known measures, the results of TSM surpass or are comparable with the best algorithms in the literature.
Keywords : text similarity, distributional similarity, information content, knowledge-based similarity, corpus-based similarity, WordNet
Research link
A holistic cyber security implementation framework
Authors : Issa Atoum, Ahmed Otoom, Amer Abu Ali
Abstract : The purpose of this paper is to propose a holistic cyber security implementation framework (HCS-IF) that lays the ground for a conceptual, coherent, systematic, overarching and consolidated approach to implementing cyber security strategies (CSSs).
– The HCS-IF is conceptually proposed to address the actual needs that are extracted from the literature review. The HCS-IF uses and integrates a set of high-level conceptual security controls, solutions, processes, entities, tools, techniques or mechanisms that are already known in the domains of information security management, software engineering and project management to address the identified needs.
– The HCS-IF components and controls collectively interact and cooperate to implement CSSs. The proposed framework is compared …
Keywords : Information security management, Cyber security implementation, Holistic cyber security, Security strategic controls, Strategy implementation framework
Research link
An Implementation Framework (IF) for the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan
Authors : Ahmed Otoom, Issa Atoum
Abstract : This paper proposes an implementation framework that lays the ground for a coherent, systematic, and comprehensive approach to implementing the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan. The framework (1) suggests a methodology to analyze the NIACSS, (2) illustrates how the NIACSS analysis can be utilized to design strategic moves and develop an appropriate functional structure, and (3) proposes a set of adaptable strategic controls that govern the NIACSS implementation and allow achieving excellence, innovation, efficiency, and quality. The framework, if adopted, is expected to harvest several advantages within the following areas: information security implementation management, control and guidance, efforts consolidation, resource utilization, productive collaboration, and completeness. The framework is flexible and expandable; therefore, it can be generalized
Research link