Abdul Bashah Mat Ali

SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks

Securing the web against frequent cyber attacks is a big concern as attackers usually intend to snitch private information, financial information, deface and damages websites to prove their hacking capabilities. This type of vandalism may drive many corporations that conduct their business through the web to suffer financial and reputation damages. One of the most dangerous cyber attacks is the Structured Query Language (SQL)-injection attack, whereby this type of attack can be launched through the web browsers. The vulnerability of SQL-injection attack can be attributed to inappropriate programming practice by the website developers, which leaves a lot of doors widely open for the attackers to exploit these and gaining access to confidential information that resides in the website server databases. In order to address this vulnerability, it must be feasible to detect the vulnerability and enhance the coding structure of the website to avoid being an easy victim to this type of cyber attacks. Detecting the SQL-injection vulnerability requires the development of a powerful tool that can automatically create SQLinjection attacks using efficient features (different attacking patters) to detect the vulnerability of the websites. This paper discuss the development of a new web scanning (MySQLlInjector) tool with enhanced features that will be able to conduct efficient penetration test on PHP (started as Personal Home Page but now widely used as Hypertext Preprocesses) based websites to detect SQL injection vulnerabilities. This tool will automate the penetration test process, to make it easy even for those who are not aware familiar about hacking techniques.

A proposed methodology for establishing software process development improvement for small software development firms

Abstract Small software development firms represent the majority of all software firms in most countries. These firms are facing the same software engineering challenges that affect large software firms. Software Process Improvement (SPI) traditional models were developed to help large and very large firms, however small software firms could not afford these models. Furthermore, they need to manage and improve their software development processes for several reasons such as dealing with the rapid technology advances, maintaining their products, satisfying the customers’ needs and sustaining their operations. This paper presents the methodology’s stages of developing a suitable software development process improvement framework by using Capability Maturity Model Integration (CMMI-DEV V1.2) as the basic model for improvement and Extreme Programming (XP) method as the basic software development method.

Extending ETL framework using service oriented architecture

Abstract Extraction, Transformation and Loading (ETL) represent a big portion of a data warehouse project. Complexity of components extensibility is a main problem in the ETL area, because ETL components are tightly-coupled to each others in the current ETL framework. The missing extensibility feature causes impediments to add new components to the current ETL framework; to meet special business needs. This paper shows how to restructure the current ETL framework based on Service Oriented Architecture (SOA) to be easier to extend. This restructuring solution distributes the ETL into interoperable components. The distribution of Extraction, Transformation and Loading components while keeping interoperability amongst them; can be achieved by SOA. A Classified-Fragmentation component to enhance the report generation speed is added to the new framework; as a proof of the extensibility concept. The result of this work is an extensible ETL framework including Classified-Fragmentation component as an extension.

Themes-based classification for Al-Quran knowledge ontology

Al-Quran knowledge representations involved classification of Al-Quran verses for providing better understanding of the readers. In the current era of social media challenges, the representation of knowledge must be understood by human and computer in order to ensure the correctness of Al-Quran semantics are persevered. Current approaches used conventional methods such as taxonomy, hierarchy or tree structure, which only provides a concept definition without linked to other sources of knowledge explanation. This research aims to develop the Al-Quran Ontology by using theme-based classification approach. The ontology model for Al-Quran is developed based on the Al-Quran knowledge theme defined in Syammil Al-Quran Miracle the Reference. The theme-based ontology approach has shown that the Al-Quran knowledge can be classified and presented systematically. This will encourage the development of applications for Al-Quran readers. Moreover, the ontology structure that representing the theme concepts in Al-Quran was reviewed and validated by the domain experts in Al-Quran knowledge.