Izzat Alsmadi

Work place: Department of Information Systems, Prince Sultan University, Riyadh, KSA

E-mail: ialsmadi@cis.psu.edu.sa


Research Interests: Software Engineering, Information Security, Information Systems, Information Retrieval, Information Storage Systems


Izzat Alsmadi is an associate professor in the Department of Information Systems at Prince Sultan University in KSA. He obtained his Ph.D. degree in software engineering from NDSU (USA). He received his second master's degree in software engineering from NDSU (USA) and his first master's degree in CIS from University of Phoenix (USA). He holds a B.Sc. degree in telecommunication engineering from Mutah University in Jordan. He has published several books, journal articles and conference articles, largely in the software engineering and information retrieval fields.

Author Articles
Textual Manipulation for SQL Injection Attacks

By Hussein AlNabulsi, Izzat Alsmadi, Mohammad Al-Jarrah

DOI: https://doi.org/10.5815/ijcnis.2014.01.04, Pub. Date: 8 Nov. 2013

SQL injection attacks try to use string or text manipulations to illegally access websites and their databases. This is because using some symbols or characters in SQL statements may trick the authentication system into incorrectly allowing such SQL statements to be processed or executed. In this paper, we highlighted several examples of such text manipulations that can be successfully used in SQL injection attacks. We evaluated the usage of those strings on several websites and web pages using SNORT open source. We also conducted an extensive comparison study of some relevant papers.

Toward Security Test Automation for Event Driven GUI Web Contents

By Izzat Alsmadi, Ahmed AlEroud

DOI: https://doi.org/10.5815/ijcnis.2012.06.03, Pub. Date: 8 Jun. 2012

The web has recently been taking a large percentage of software products. The evolving nature of web applications puts a serious challenge on testing, if we consider the dynamic nature of the current web. More precisely, testing both blocked contents and AJAX interfaces might create new challenges in terms of test coverage and completeness. In this paper, we proposed enhancements and extensions of the current test automation activities. In the proposed framework, user interaction with AJAX interfaces is used to collect DOM violation states. A blocked content is accessed through multiple forms' submission with dynamic contents, and in each iteration the vulnerability events databases are modified. Next, the test cases database of possible vulnerable inputs for both AJAX and blocked contents is built. Finally, coverage assessment is evaluated after executing those test cases based on several possible coverage aspects.
