Result: SQL Injection Techniques and Mitigation Strategies: a study using OWASP Mutillidae II
Further information
The internet is central to economic and social life, but its widespread use also exposes systems to security risks. This thesis examines SQL injection attacks, a common method of database exploitation, with the goal of helping information technology students, especially those pursuing cybersecurity, to recognize and mitigate such threats. The thesis focuses on OWASP Mutillidae II, an open-source training platform that simulates vulnerabilities listed in the OWASP Top Ten. The study draws on the theoretical framework of the NIST guide to general server security, OWASP's Web Application Security Testing Guide, and constructive testing, which combines practical experimentation with academic knowledge. The thesis adopts the constructive research approach, in which different SQL injection techniques were carried out against Mutillidae II. Attacks such as blind injection, authentication bypass, add-to-your-blog, and data extraction were demonstrated. The results show that SQL injection can seriously compromise databases, expose details such as usernames, passwords, and IP addresses, and even enable unauthorized access. Recommended countermeasures include the use of prepared or parameterized queries, strict input validation, the principle of least privilege, and comprehensive code testing prior to deployment. The thesis concludes that SQL injection remains a significant threat to databases but can be mitigated through secure coding practices, layered defences, and automated testing. Further research into other vulnerabilities in Mutillidae II can expand the understanding of different cyber-attacks and strengthen organizational and individual systems against exploitation.