A Classification of SQL Injection Attacks and Countermeasures

The network administrator simply logged into the Locate web console and looked up the IP addresses of the infected workstations. He was presented with the name, location, and phone number of the infected users. He was then able to immediately call each of the users, notify them of the situation, and disable their switch port. Appropriate steps were taken within minutes to fix the problem before other workstations were infected. The process to identify and locate all 100 users took less than 10 minutes

William Halfond, Jeremy Viegas, and Alessandro Orso
College of Computing, Georgia Institute of Technology
whalfond jeremyv orso @

ABSTRACT

SQL injection attacks pose a serious security threat to Web applications: they allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these databases contain. Although researchers and practitioners have proposed various methods to address the SQL injection problem, current approaches either fail to address the full scope of the problem or have limitations that prevent their use and adoption. Many researchers and practitioners are familiar with only a subset of the wide range of techniques available to attackers who are trying to take advantage of SQL injection vulnerabilities. As a consequence, many solutions proposed in the literature address only some of the issues related to SQL injection. To address this problem, we present an extensive review of the different types of SQL injection attacks known to date. For each type of attack, we provide descriptions and examples of how attacks of that type could be performed. We also present and analyze existing detection and prevention techniques against SQL injection attacks. For each technique, we discuss its strengths and weaknesses in addressing the entire range of SQL injection attacks.

1. INTRODUCTION

SQL injection vulnerabilities have been described as one of the most serious threats for Web applications [3, 11]. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases. Because these databases often contain sensitive consumer or user information, the resulting security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use an SQL injection vulnerability to take control of and corrupt the system that
