SQL Injection Attacks Discussion

SQL stands for Structured Query Language. SQL injection is one of the ways of attacking the security of websites. Generally this method is adopted by a hacker to get access to data held by other websites. The whole process is done by adding SQL injection to the web input; it can also be described as bad code embedded in the user application or web page, so that the hacker has a high chance of using this attack to place malicious data in the database. If there are a large number of inputs from the end user, the user application should reject or limit the inputs per unit of time.
SQL injection is a powerful attack in which user inputs are carefully modified into SQL statements submitted through a website form. The SQL injection technique is used for hacking web pages. SQL injection is a simple technique for accessing a private database using an injection operation, or in other words by injecting queries into the database. SQL injection is mainly used to gain access to the database without the permission of the DBA (database administrator). In SQL injection the query parameters may be 0 or 1, or a combination of other numbers and strings (Yao-Wen Huang, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D. T., Sy-Yen Kuo, 2005).
"More precisely, SQL Injection Attacks (SQLIAs) occur when an online Web application receives user input and tries to create a database query without validating it properly. The SQL injection technique is a technique to break application security. The area of vulnerability is where user input is transferred into a database query. Web application login forms are exposed, which is obvious: if you ‘hack’ the login you get access to the application, which probably can execute all application actions supported by the GUI, and this is a huge threat to the application’s security.
SQL injection is a web vulnerability where malicious user input is modified into SQL statements in a website form. Let’s stay with the login form and the typical login scheme where user names and passwords are stored in some database table. This is the most popular case, where the login form entry is validated with a database query and the query result lets the application decide whether you are allowed to log in or not." (Chris Anley, 2002)
Database intrusion detection systems are based on signatures of well-known exploits, and on traps and honey tokens set in the database. One should not expose database structures in diagnostic messages; in fact one should not expose the actual diagnostic messages at all, but log them to a database or file and show the user only something like ‘error occurred’. Most important of all, one should not build queries as a string that combines SQL code with user input; instead, use prepared queries with bound values (S. Raghavan, H. Garcia-Molina, 2001).
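As an added illustration of the two points above (not code from the discussion post or any cited paper), the following Python example builds the same login query both ways: once by string concatenation, as the post warns against, and once with driver-bound placeholders. It also shows the generic-message wrapper so the user never sees the real diagnostic. The in-memory sqlite3 table, the user record and the test inputs are constructed for this example only.

```python
import sqlite3

def make_db():
    """Constructed sample table: one hypothetical user, in-memory SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_concat(conn, username, password):
    """Vulnerable form: the SQL text is built by gluing user input into the query,
    so whatever the user types is parsed by the database as part of the statement."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_bound(conn, username, password):
    """Hardened form: '?' placeholders with the values bound by the driver.
    The statement structure is fixed; the input is only ever compared as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def attempt_login(conn, checker, username, password):
    """Run a checker so the user only ever sees a generic message. The real
    driver diagnostic goes to a server-side log (a list here) and is returned
    only so a test can inspect it; it must never be shown in the response."""
    log = []
    try:
        return checker(conn, username, password), "ok", log
    except sqlite3.Error as exc:
        log.append("login query failed: " + repr(exc))  # server-side only
        return False, "error occurred", log
```

With a tautology such as `x' OR '1'='1` as the password, the concatenated query accepts the login while the bound query simply compares the text and rejects it; a lone quote makes the concatenated query a syntax error, which the wrapper reduces to ‘error occurred’.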
References:
Yao-Wen Huang, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D. T., Sy-Yen Kuo. 2005. A testing framework for Web application security assessment.
Chris Anley. 2002. Advanced SQL Injection in SQL Server Applications. An NGSSoftware Insight Security Research (NISR) publication. http://www.nextgenss.com/papers/advanced_sql_injection.pdf
S. Raghavan, H. Garcia-Molina. 2001. Crawling the Hidden Web.
