Vol. 12, No. 1, March 2019, pp. 51 - 66 ISSN 2006-1781
Mu’awuya Dalhatu, Aliyu Sani Ahmad and Moshood Abiola Hambali (2019), Manual Testing of SQL Injection Vulnerabilities
in an Online Student Database System
© 2019 Afr. J. Comp. & ICT – All Rights Reserved
https://afrjcict.net
Manual Testing of SQL Injection Vulnerabilities in an Online Student Database System Using Same Channel Strategy
Mu’awuya Dalhatu*¹, Aliyu Sani Ahmad² and Moshood Abiola Hambali³
Department of Computer Science,
Federal University Wukari, Nigeria.
Email: ¹dalhatu@fuwukari.edu.ng, ²alally_ahmad@yahoo.com, ³hambali@fuwukari.edu.ng
*Corresponding Author
______________________________________________________________________________________
ABSTRACT
In recent times, the dependence of universities, businesses and organisations on online databases has been increasing in
both developed and developing countries such as the UK and Nigeria. Security challenges and threats are increasing
as well. The most common and dangerous online database threat is the SQL injection attack, followed by XSS.
An SQL injection attack is a challenge to any online database that processes data based on user input. This research
investigates one of the most important online database threats. The research reviews related work, then designs and
implements a secured student database application for testing SQL injection. The research findings show that there
is no single technique, policy or procedure that is powerful enough to prevent all SQL injection attacks. However, the
research recommends the proper implementation of techniques such as sanitising inputs and using bind variables.
Keywords: Online database, SQL injection, Threat, Mitigating SQL Injection, XSS
______________________________________________
African Journal of Computing & ICT Reference Format:
Mu’awuya Dalhatu, Aliyu Sani Ahmad and Moshood Abiola
Hambali (2019), Manual Testing of SQL Injection Vulnerabilities
in an Online Student Database System Using Same Channel
Strategy,
Afr. J. Comp. & ICT, Vol.12, No. 1, pp. 51 - 66.
© Afr. J. Comp. & ICT, March 2019; ISSN 2006-1781
______________________________________________________
I. INTRODUCTION
Despite the acceptance, role, and importance of
computer applications, especially in universities, many
universities, businesses and organisations, especially in
developing countries like Nigeria, are still using manual
systems to manage records. This may be due to the
threats associated with online databases or
applications.
Most small or newly established universities and
businesses may seem to use the manual system
effectively. However, many organisations such as
universities grow rapidly each year; therefore, they
require automated systems such as a database system in
order to reliably manage records by eliminating
redundancy and improving accessibility, security, and
privacy.