Int. J. Communications, Network and System Sciences, 2012, 5, 337-342 http://dx.doi.org/10.4236/ijcns.2012.56044 Published Online June 2012 (http://www.SciRP.org/journal/ijcns) Review and Measuring the Efficiency of SQL Injection Method in Preventing E-Mail Hacking Ahmed A. M. Sharadqeh 1 , As’ad Mahmoud Alnaser 2 , Omar Al Heyasat 2 , Ashraf Abdel-Karim Abu-Ein 1 , Hazem (Moh’d Said) Hatamleh 3 1 Computer Engineering Department, Faculty of Engineering Technology, Al-Balqa’ Applied University, Amman, Jordan 2 Computer Engineering Department, Al-Balqa’ Applied University, Salt, Jordan 3 Computer Science Department, Ajloun University College, Al-Balqa’ Applied University, Ajloun, Jordan Email: ashraf.abuain@fet.edu.jo, hazim-hh@bau.edu.jo, {sharadqh_78, asad1_99}@yahoo.com Received April 12, 2012; revised May 6, 2012; accepted May 16, 2012 ABSTRACT E-mail hackers use many methods in their work, in this article, most of such efficient methods are demonstrated and compared. Different methods and stages of such methods are listed here, in order to reveal such methods and to take care of them but the most common discussed method in this paper is SQL method. SQL injection is a type of security exploit in which the attacker adds SQL statements through a web application’s input fields or hidden parameters to gain access to resources or make changes to data. It is found that the SQL is an efficient way in preventing E-mail hacking and its efficiency reaches about 80%. The method of SQL injection can be considered as an efficient way comparing with other methods. Keywords: E-Mail; Hackers; SQL; Security 1. Introduction Since 1984 and the commercialization of the Internet, the number of computers linked to the Internet as hosts has grown from approximately 1000 in 1984 to over 150 million in 2005. This growth means that there are more than 150 million people providing, using and sharing resources and information via the public network. These users and hosts are located all over the globe and are in every country that has access to the Internet. Different types of information and resources are available in many different forms, from informational web sites (static con- tent), to interactive sites that display different results de- pending on the interaction (dynamic content) of the user. As with every population, you will have good persons, and bad persons, and every web site can fall victim to crimi- nal activities. This paper will explain some of the differ- ent ways that criminals can do harm or get unauthorized information and how programmers can stop this by im- plementing security into their programming code [1-3]. When web pages were first implemented they only displayed unchanging information, which is called static content. They may have included hyperlinks that would point to other web sites or web pages, which made it easy for users to get information from multiple or related web sites. These web sites didn’t offer any interactivity with users and didn’t require user input. Techniques and pro- gramming languages were developed that allows newer web pages to include text boxes, check boxes, radio but- tons, drop down lists and command buttons so that the user can provide data, information and commands to the web site. These web sites that change consists of dy- namic web content and are also called interactive. Dy- namic content is material on a Web page that is added or altered, usually after the page has been loaded by the Web browser and usually in response to actions or re- quests by the user. Michael Roche (2007), focused on making a survey of wireless attack tools focusing on 802.11 and Bluetooth. It includes attack tools for three major categories: confidentiality, integrity, and availabil- ity. Confidentiality attack tools focus on the content of the data and are best known for encryption cracking. In- tegrity attacks tools focus on the data in transmission and include frame insertion, man in the middle, and replay attacks. Finally, availability attack tools focus on Denial of Service (DoS) attacks. FERNANDO M et al. (2012), the authors are joined by a distinguished cyber security specialist, Wayne Lee, who provides a discussion of measures that businesses can implement immediately to secure their data and improve defenses against a data breach. Pinguelo and Muller also analyzed the various public-private partnerships on cyber-defense currently at work in the United States, and explain how those part- nerships are helping create a safer cyber-future. Copyright © 2012 SciRes. IJCNS