Article Per Year (5 Year)
p-Index From 2020 - 2025
0.23
P-Index
This Author published in this journals
All Journal Bulletin of Electrical Engineering and Informatics
Alzghoul, Musab Bassam Yousef
Unknown Affiliation
Electrical & Electronics Engineering

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Evaluating the effectiveness of Havij for structured query language injection exploitation in web applications Baklizi, Mahmoud; Alkhazaleh, Mohammad; Alzghoul, Musab Bassam Yousef; Maaita, Adi; Zraqou, Jamal; AlShaikh-Hasan, Mohammad
Bulletin of Electrical Engineering and Informatics Vol 14, No 6: December 2025
Publisher : Institute of Advanced Engineering and Science

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.11591/eei.v14i6.10751

Abstract

Structured query language injection (SQLi) is still one of the most critical risks to web application security, as it allows attackers to interfere with sensitive data and even a complete database infrastructure. Although many automated tools are available, previous studies usually achieve only descriptive briefs, which do not offer empirical assessments that measure the performance and the usability. This research fills this void by a systematic five-stage experimental analysis of the Havij automated SQLi tool under a controlled and ethical test setup. Confirmation of vulnerability, automated exploitation, data extraction and benchmarking of performance were performed as the methodology, and the results were compared against the industry standard SQLmap tool. It was found that in less than a minute Havij was able to locate the target database, scan its structure, and steal authentication credentials, which is quite efficient and user-friendly. In contrast to the literature, our work presents not only quantitative measures (time-to-exploit, request volume, and success rate) but also a qualitative evaluation (user accessibility and limitations), which gives a comprehensive evaluation. The results highlight trade-offs between the depth and accessibility, the continued dangers of SQLi in practice, and provide recommendations that developers and security experts can implement.
Co-Authors Alkhazaleh, Mohammad AlShaikh-Hasan, Mohammad Baklizi, Mahmoud Maaita, Adi Zraqou, Jamal