SQLi Penetration Testing of Financial Web Applications: Investigation of Bangladesh Region

Business critical web applications are the most popular services provided to the client by the financial sector. These applications are bringing handsome revenue for the financial industry every year. These services are also a frequent target of attackers. Poor coding practice leads applications to vulnerability that are exploited by attackers. Information and privileges such as access to databases, admin authorization, and access to data could be retrieved through exploitation. Services provided through web applications make the exploitation easier as these could be accessed from anywhere around the world. Web based financial services are comparatively new concept in Bangladesh. Thus the security aspects of these applications are less explored. This paper represents an analysis of few basic security issues of the financial web applications of Bangladesh. It focuses on structured query language injection (SQLi) vulnerability. It presents a manual black box penetration testing approach to test the financial web applications. Same steps are used for testing all the web applications in the dataset. A vulnerability analysis of the findings collected during the penetration testing is also presented in the paper.