A Heuristic Model for SQL Injection Attacks Prevention in GIS Web Application
Subject Areas : Journal of Radar and Optical Remote Sensing and GISMohammad Ali Arasteh 1 , Fahimeh Parsaei 2
1 - Head of GIS Group, Yazd Water and Wastewater Company, Ph.D. Department of Information Technology, University of Qom, Iran
2 - Regulatory Center of the Iranian National Taz Administration (INTA), Tehran, Ph.D. Candidate, Department of Cognitive Neuroscience, University of Tabriz, Iran
Keywords: SQL Injection, Web GIS Application-Level Vulnerabilities, Authentication and Authorization, Data Integrity, Application Security Scanner,
Abstract :
By increasing the development of Geographical Information Systems (GIS) providing electronic map data exchange with internet and mobile applications, related problems such as keeping secure map information, safe transactions, and assured broadcast services are necessary. Every year millions of attacks on financial and data information will be caused a series of problems in the world. One of the most critical attacks on the application level is SQL injection into the Web database. This paper tried to present a model for preventing SQL injection into GIS applications, which leads to fetching and manipulating the map information and data from a database. It also provides solutions for IT managers to keep the GIS website secure. The model security steps were tested on one of the GIS portals of Iranian organizations. To evaluate the performance of the proposed model, the security of an Iranian web GIS was checked before and after the announcement of the instructions, and the test results of the vulnerability checking with Acunetix and DVWA. The result showed that the website was completely safe and the model’s instructions for various stakeholders, including programmers, administrators, and GIS experts can significantly prevent this attack.