Abstract: SQL injection is one of the most common types of attacks and has a very critical impact on web servers. In the worst case, an attacker can perform post-exploitation after a successful SQL injection attack. In web server forensics, the analysis of a web server is closely related to log file analysis. But sometimes large file sizes and different log types make it difficult for investigators to look for traces of attackers on the server. The purpose of this paper is to help investigators take appropriate steps to investigate when a web server is attacked. We use attack scenarios based on SQL injection attacks, including PHP backdoor injection as post-exploitation. We perform post-mortem analysis of web server logs based on the Hypertext Transfer Protocol (HTTP) POST and HTTP GET method approaches that are characteristic of SQL injection attacks. In addition, we propose a structured analysis method covering the web server application log file, the database application, and other additional logs that exist on the web server. This method lets the investigator analyze the log files in a more structured way, so as to produce evidence of the attack in an acceptable time. There is also the possibility that other attack techniques can be detected with this method. On the other hand, it can help web administrators prepare their systems for forensic readiness.
Abstract: This paper describes the tradeoffs and the design from
scratch of a self-contained, easy-to-use health dashboard software
system that provides customizable data tracking for patients in smart
homes. The system is made up of different software modules and
comprises a front-end and a back-end component. Built with HTML,
CSS, and JavaScript, the front-end allows adding users, logging into
the system, selecting metrics, and specifying health goals. The back-end
consists of a NoSQL Mongo database, a Python script, and a
SimpleHTTPServer written in Python. The database stores user
profiles and health data in JSON format. The Python script makes use
of the PyMongo driver library to query the database and displays
formatted data as a daily snapshot of user health metrics against
target goals. Any number of standard and custom metrics can be
added to the system, and corresponding health data can be fed
automatically via sensor APIs, or manually as text or picture data
files. A real-time METAR request API permits correlating weather
data with patient health, and an advanced query system is
implemented to allow trend analysis of selected health metrics over
custom time intervals. Available on the GitHub repository system,
the project is free to use for academic purposes of learning and
experimenting, or practical purposes by building on it.