Title: Network Forensics for Detecting SQL Injection Attacks Using NIST Method

Issue Number: Vol. 7, No. 4
Year of Publication: Dec - 2018
Page Numbers: 436-443
Authors: Arif Roid Caesarano, Imam Riadi
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002496


SQL Injection is a technique to exploit web applications that use the database as data storage. By being able to influence what will be forwarded to the database, the attacker can exploit the syntax and capabilities of SQL, as well as the power and flexibility to support database operation functions and available system functionality to the database. The purpose of this study is that Snort IDS that can detect SQL Injection attacks produces logs that can provide information about attackers and attack notifications in real time using email. The subjects in this study are building a webserver network system using Snort IDS to detect SQL Injection attacks. The method used is NIST 800-30, where there are 9 important stages in risk assessment. Data collection methods in this study are observation and literature study. The research stage is the stage of doing a case simulation to try to implement Snort in detecting intrusions or attacks, where there are 5 stages of research namely vulnerability testing, attack scenario, snort configuration, data collection, and analysis stage. The results of this study are a webserver system development using Snort IDS for SQL Injection attack detection systems and real time attack notifications using email.