Developing a SQL Injection Exploitation Tool with Natural Language Generation

Boekweg, Kate Isabelle

22 April 2024

Websites are a popular tool in our modern world, used daily by many companies and individuals. However, they are also rife with vulnerabilities, including SQL injection (SQLI) vulnerabilities. SQLI attacks can lead to significant damage to the data stored within web applications and their databases. Due to the dangers posed by these attacks, many countermeasures have been researched and implemented to protect websites against this threat. Various tools have been developed to enhance the process of detecting SQLI vulnerabilities and active SQLI attacks. Many of these tools have integrated machine learning technologies, aiming to improve their efficiency and effectiveness. Penetration testing is another valid method of detecting and fixing SQLI vulnerabilities, and there are tools designed to automate this process. Some of these automated exploitation tools have also incorporated machine learning techniques. This research aims to identify design requirements of a SQLI exploitation tool that utilizes Natural Language Generation for attack data. This research also aims to compare this new SQLI exploitation to existing tools. This research integrates various components from existing research projects to develop and evaluate the effectiveness of the proposed SQLI exploitation tool. This research establishes a framework for a SQL injection exploitation tool. Additionally, the study successfully tests multiple components of this new tool and compares the accuracy and speed of the new tool to already existing tools.

SQL injection

injection detection

cybersecurity

machine learning

offensive security

Engineering

Hacking and Evaluating the Cybersecurity of an Internet Connected 3D Printer

Backlund, Linus, Ridderström, Linnéa

January 2021

Over the last few years, internet-connectivity hascome to be an expected feature of professional 3D printers.Connectivity does however come at a cost concerning the securityof the device. This project aimed to evaluate the cybersecurityof the Ultimaker S5 3D printer. The system was tested for themost likely and severe vulnerabilities based upon a threat modelmade on the product. The results show that the system’s localwebapplication is vulnerable to some common web-attacks thatallow the attacker to perform actions on the victims printer. / De senaste åren har internetuppkoppling blivit en självklar funktion hos professionella 3D skrivare. Upp-koppling kommer dock ofta på bekostnad av enhetens säkerhet. Detta projekt syftade till att utvärdera cybersäkerheten hos 3D skrivaren Ultimaker S5. En hotmodell gjordes och systemet penetrationstestades baserat på denna. Resultaten visar att enhetens lokala webbapplikationen är sårbar för några vanliga web-attcker som låter attackeraren exekvera oönskade funktioner på offrets skrivare. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm

Cybersecurity

Offensive Security

Penetration Testing

Hacking

Internet of Things

3D printer

Elektroteknik och elektronik

IoT Offensive Security Penetration Testing : Hacking a Smart Robot Vacuum Cleaner

Larsson Forsberg, Albin, Olsson, Theodor

January 2019

IoT devices can be found in almost any type of situation as the availability and viability of them has surged in the last decade with technological advancements. The purpose of this project is to investigate how secure these types of devices, in particular a robot vacuum cleaner, actually are if an ill intended actor tries to interfere with the device. Different methods used in the sphere of threat modeling and penetration testing were applied and tested with the result coming back positive. The robot vacuum cleaner was successfully compromised and the privacy of the owner could be violated applying the attacks used. The current way of thinking about privacy and security of IoT devices could therefore need to be reviewed.

IoT

Hacking

Robot Vacuum Cleaner

Threat Modeling

Personal Information

Privacy

Penetration Testing

Offensive Security

Elektroteknik och elektronik