48 resultados para SQL injection
em Deakin Research Online - Australia
Resumo:
SQL injection vulnerabilities poses a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.
Resumo:
While SQL injection attacks have been plaguing web applications for years the threat they pose to RFID systems have only identified recently. Because the architecture of web systems and RFID systems differ considerably the prevention and detection techniques proposed for web applications are not suitable for RFID systems. In this paper we propose a system to secure RFID systems against tag based SQLIA. Our system is optimized for the architecture of RFID systems and consists of a query structure matching technique and tag data cleaning technique. The novelty of the proposed system is that it's specifically aimed at RFID systems and has the ability to detect and prevent second order injections which is a problem most current solutions haven't addressed. The preliminary evaluation of our query matching technique is very promising showing very high detection rate with minimal false positives.
Resumo:
While SQL injection attacks have been plaguing web application systems for years, the possibility of them affecting RFID systems was only identified very recently. However, very little work exists to mitigate this serious security threat to RFID-enabled enterprise systems. In this paper, we propose a policy-based SQLIA detection and prevention method for RFID systems. The proposed technique creates data validation and sanitization policies during content analysis and enforces those policies during runtime monitoring. We tested all possible types of dynamic queries that may be generated in RFID systems with all possible types of attacks that can be mounted on those systems. We present an analysis and evaluation of the proposed approach to demonstrate the effectiveness of the proposed approach in mitigating SQLIA.
Resumo:
LabVIEW®-based software for the automation of a sequential injection analysis instrument for the determination of morphine is presented. Detection was based on its chemiluminescence reaction with acidic potassium permanganate in the presence of sodium polyphosphate. The calibration function approximated linearity (range 5 × 10 -10 to 5 × 10 -6M) with a line of best fit of y = 1.05 x + 8.9164 (R2 = 0.9959), where y is the log10 signal (mV) and x is the log10 morphine concentration (M). Precision, as measured by relative standard deviation, was 0.7% for five replicate analyses of morphine standard (5 × 10-8M). The limit of detection (3 σ) was determined as 5 × 10-11 M morphine.
Resumo:
Flow injection methodology is described for the estimation of the total phenolic content of wine using acidic potassium permanganate chemiluminescence detection. Selected simple phenolic compounds including quercetin, rutin, catechin, epicatechin, ferulic acid, caffeic acid, gallic acid, 4-hydroxycinnamic acid and vanillin elicited analytically useful chemiluminescence with detection limits ranging between 4×10−10 and 7×10−7 M. A comparison between the chemiluminescence methodology and other total phenol/antioxidant assays, used by the food and beverage industry, resulted in a good correlation. The chemiluminescence detection was found to be selective with minimal interferences being observed from the non-phenolic components in wine. Analysis of 12 different wines showed that the chemiluminescence method was a rapid way to estimate their antioxidant or total phenolic content.
Resumo:
The determination of the amino acids proline, histidine, tyrosine, arginine, phenylalanine and tryptophan using flow injection analysis (FIA) with chemiluminescence detection is described. Proline was the only amino acid to exhibit chemiluminescence with the tris(2,2-bipyridyl)ruthenium(III) reaction at pH 10. While, histidine was found to selectively enhance the reaction of luminol with Mn(II) salts in a basic medium. Acidic potassium permanganate chemiluminescence was able to selectively determine tyrosine at pH 6.75. Low pressure separations using a C18 guard column allowed the simultaneous determination of tyrosine and tryptophan or phenylalanine and tryptophan with acidic potassium permanganate and copper(II)–amino acid–hydrogen peroxide chemiluminescence, respectively. Precision for each method was less than 3.9% (R.S.D.) for five replicates of a standard (1×10−5 M) and the detection limits ranged between 4×10−9 and 7×10−6 M. Preliminary investigations revealed that the methodology developed was able to selectively determine the individual amino acids in an equimolar mixture of the 20 naturally occurring amino acids.
Resumo:
The mono-isopropylamine salt of glyphosate was selectively determined directly in industrial and commercial formulations using flow injection analysis with tris(2,2′-bipyridyl)ruthenium(II) chemiluminescence detection without the need for separation. Glyphosate and its mono-isopropylamine salt furnished detection limits of 7×10−9 and 3.5×10−10 M and relative standard deviations of 0.4% at 1×10−7 M and 0.8% at 5×10−8 M, respectively. The methodology is robust and reliable with samples subjected only to aqueous dilution prior to analysis.
Resumo:
Flow injection methodology is described for the determination of proline in red and white wines using tris(2,2′-bipyridyl)ruthenium(II) chemiluminescence detection. Selective conditions were achieved for proline at pH 10, while other amino acids and wine components did not interfere. The precision of the method was less than 1.00% (R.S.D.) for five replicates of a standard (4 × 10−6 M) and the detection limit was 1 × 10−8 M. The level of proline in white and sparkling wines using the developed methodology was equivalent to those achieved using HPLC-FMOC amino acid analysis. SPE removal of phenolic material was required for red wines to minimize Ru(bipy)33+ consumption and its associated effect on accuracy.
Resumo:
The limits of detection (3s) for ascorbic acid were 5×10−8 M with acidic potassium permanganate using both flow injection analysis (FIA) and sequential injection analysis (SIA) whereas the soluble manganese(IV) afforded 1×10−8 M and 5×10−9 M for FIA and SIA, respectively. Determinations of ascorbic acid in Vitamin C tablets were achieved with minimal sample pretreatment using a standard additions calibration and gave good agreement with those of iodimetric titration.
Resumo:
A simple, rapid and sensitive method for the determination of psilocin and psilocybin is described. This is the first report on the determination of psilocin and psilocybin using flow injection analysis with acidic potassium permanganate and tris(2,2′-bipyridyl)ruthenium(II) chemiluminescence. The limits of detection (signal-to-noise ratio = 3) are 9 × 10−10 M and 3 × 10−10 M for psilocin and psilocybin, respectively.A concise synthetic route for psilocin in three steps from readily available starting materials is also described. The structures were elucidated on the basis of spectroscopic data.
Resumo:
A simple and rapid method for the analysis of carbohydrates in heroin samples by capillary electrophoresis utilizing a borate complexation method is described. Separations were performed using an uncoated fused silica capillary, 50 cm × 50 mm I.D. × 360 mm O.D. with an effective separation length of 9 cm. The system was run at 60°C with an applied voltage of -8 kilovolts. Injection of each sample was for 1 sec at -50 mbar. UV detection was employed with the wavelength set at 195 nm. The background electrolyte consisted of 65 mM borate, pH 12.0. Samples and standards were prepared in the run buffer containing 2 mg/mL of mannose as an internal standard. Under these conditions a test mixture containing glucose, sucrose, lactose, mannitol and mannose as an internal standard was resolved within 5 min. The method was used to determine the concentration of carbohydrates in heroin seizure samples and synthetic heroin samples. The results were in good agreement with the reported values.
Resumo:
A simple and rapid method for the analysis of heroin seizures by micellar electrokinetic chromatography with short-end injection is described. Separations were performed using an uncoated fused silica capillary, 50 cm×50 mm I.D.×360 mm O.D. with an effective separation length of 8 cm. The system was run at 25°C with an applied negative voltage of –25 kilovolts. Injection of each sample was for 2 s at –50 mbar. UV detection was employed with the wavelength set at 210 nm. The background electrolyte consisted of 85:15 (water:acetonitrile, v/v) containing final concentrations of 25 mM SDS and 15 mM sodium borate, pH 9.5. Samples and standards were prepared in 0.1% v/v acetic acid and diluted in the run buffer containing 1 mg/ml of N,N-dimethyl-5-methoxytryptamine as an internal standard. Under these conditions a text mixture containing caffeine, paracetamol, morphine, codeine, heroin, and acetylcodeine was resolved within 1.5 min. The method was used to determine the concentration of heroin in heroin seizure samples, and the results were in good agreement with those obtained by a validated gas chromatographic method.
Resumo:
Selective determination of morphine in the larvae of Calliphora stygia (Fabricius) (Diptera: Calliphoridae) using acidic potassium permanganate chemiluminescence detection coupled with flow injection analysis and high-performance liquid chromatography (HPLC) is described. Larvae of C. stygia were reared on minced meat substrates that had been spiked with varying concentrations of morphine. Morphine concentrations were chosen to reflect typical levels in human tissues from opiate overdose victims. After maturing on substrates, larvae were analyzed for the presence of morphine using chemiluminescence detection coupled to flow injection analysis and a rapid HPLC method. Analysis of the larval matrix by flow injection analysis with chemiluminescence detection indicated the presence of interferants capable of generating chemiluminescence. A rapid chromatographic separation with a monolithic column allowed selective determination of morphine in larvae using postcolumn chemiluminescence detection. Larvae of C. stygia reared on substrates containing morphine at concentrations of 500 and 1000 ng/g did not sequester morphine at detectable concentrations. Larvae reared on substrates containing morphine concentrations of 2500, 5000, and 10,000 ng/g tested positive for the drug at concentrations of 765, 2720, and 3010 ng/g, respectively.
