SQL injection (SQLi) is one of the most common attacks against database Servers and has the potential to threaten Server services by utilizing SQL commands to change, delete, or falsify data. In this study, researchers tested SQLi attacks against websites using a number of tools, including Whois, SSL Scan, Nmap, Open Web Application Security Project (OWASP) Zap, and SQL Map. Then, researchers identified SQLi vulnerabilities on the tested web Server. Next, researchers developed and implemented mitigation measures to protect the website from SQLi attacks. Test results using OWASP Zap identified 14 vulnerabilities, with five of them at a medium level of 35%, seven at a low level of 50%, and two at an informational level of 14%. Meanwhile, testing using SQL Map succeeded in gaining access to the database and username on the web Server. The next step in this research is to provide recommendations for installing a firewall on the website as a mitigation measure to reduce the risk of SQLi attacks. The main contribution of this research is the development of a structured methodology to identify and address SQLi vulnerabilities in web Servers, which play an important role in maintaining data security and integrity in a rapidly evolving online environment.

The database management system (DBMS) for any application is crucial for developers because each application needs high performance to run efficiently. Therefore, database Benchmarking is the process of performing several Defined tests on those databases to evaluate their performance. The electronic benchmarking System (EBS) facilitates and improves human resource management (HRM) in all aspects of real life. EBS designed by four different database backends and three different web technology. This paper presents a comparative evaluation of the performance of the top DBMS systems namely (MySQL, SQL Server, Oracle, and MS Access). The middleware is designed using three dynamic web technologies (PHP, ASP, and PYTHON). In order to evaluate the backend performance for the four mentioned databases system by using two Parameters Response Time (RT) and Throughput (TT) over different Tire Architectures namely: One-Tier Architecture (1TA), Two-Tier Architecture (2TA). This paper will show which of the database has a better Response time (RT) and Throughput (TT).

A single Server finite population queueing model with compulsory Server vacation and with fixed batch service has been considered. For this model the system steady state probabilities are obtained. Some performance measures are calculated and numerical examples are also given.

One of the most critical attacks, threatening the security of databases is SQL injection attack which is mostly held through web applications. This paper proposes a new method to detect and prevent SQL injection attack. The method is based on combination of both static and dynamic approaches and semantic analysis of queries. Run time queries are matched with static list and semantic pattern and as a result the degree of attack factor existence will be checked. Ontology is used on creation of semantic patterns. According to tests which are gathered from different databases, this method acts efficiently and flexibly enough to discover new attacks. The suggested architecture, in contrast with the others, is designed in such a way that it does not have a great database dependency and by some changes it can be used for the other databases.

The functionality of a web-based system can be a ected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research e orts have been made to deal with such attacks. The majority of the protection techniques adopt a defense strategy which results to provide, in extreme response time, a lot of positive rates. Indeed, attacks by injecting SQL are always a serious challenge for the web-based system. This kind of attack is still attractive to hackers and it is in growing progress. For that reason, many researches have been proposed to deal with this issue. The proposed techniques are essentially based on a statistical or dynamic approach or using machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attacks. In addition, it outlines challenges, open issues, and future trends of solutions in this context.