ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

Analysis and Penetration Testing Eprocurement Application with SQL Injection

Journal: International Research Journal of Advanced Engineering and Science (Vol.4, No. 3)

Publication Date:

Authors : ;

Page : 366-368

Keywords : Eprocurement Application; SQL Injection; Blackbox Testing;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

— Eprocurement is a web-based application that is used for processing goods and services in one of social security company. Security in applications is certainly the main thing because organizational data must be kept confidential. On the other hand, this application can be accessed via internet. ISO 27001 A12.6 Control Objective (Technical Vulnerability Management) states that "information about the technical vulnerability of the information system used must be obtained in a timely manner, the organization's exposure to the vulnerability is evaluated and appropriate actions taken to address the associated risks". One attempt to evaluate the security of a system is by doing penetration testing. Penetration testing helps identify vulnerability gaps and provides details about vulnerabilities or threats that exist on the system, and provides guidance on how to overcome them. Therefore in this study an analysis and penetration testing of the eprocurement application for SQL Injection was carried out using the blackbox method. From the test results will get eprocurement application vulnerabilities along with recommendations for handling sql injection.

Last modified: 2020-06-12 20:38:48