Security assessment framework for educational ERP systems Hafsa Ashraf; Mamdouh Alenezi; Muhammad Nadeem; Yasir Javid
International Journal of Electrical and Computer Engineering (IJECE) Vol 9, No 6: December 2019
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijece.v9i6.pp5570-5585

Abstract

Educational ERP systems have vulnerabilities at different layers: version-specific vulnerabilities, configuration-level vulnerabilities and vulnerabilities of the underlying infrastructure. This research has identified security vulnerabilities in an educational ERP system at all layers with the help of automated tools (a penetration testing tool) and public vulnerability repositories (CVE, CCE). The identified vulnerabilities are analyzed for false positives and then clustered with mitigation techniques that are publicly available in security vulnerability solution repositories such as CCE and CWE. These mitigation techniques are mapped onto the reported vulnerabilities using mapping algorithms. The security vulnerabilities are then prioritized based on the Common Vulnerability Scoring System (CVSS). Finally, open standards-based vulnerability mitigation recommendations are discussed.

SQL injection attacks countermeasures assessments Mamdouh Alenezi; Muhammad Nadeem; Raja Asif
Indonesian Journal of Electrical Engineering and Computer Science Vol 21, No 2: February 2021
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijeecs.v21.i2.pp1121-1131

Abstract

SQL injection attacks have been rated by the OWASP Top Ten as the most dangerous vulnerability of web-based systems for more than a decade. Although different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/detection of these attacks. Hundreds of components of open-source and commercial software products are reported to the CVE repository as vulnerable to SQL injection every year. In this mapping study, we identify the different existing approaches in terms of their computational cost and the protection they offer. We found that most of the existing techniques claim to offer protection based on testing at a very small or limited scale. This study dissects each proposed approach, highlights its strengths and weaknesses, and categorizes the approaches based on the underlying technology used to detect or counter injection attacks.