
SAMAR SARWAR S2142281 RPM literature review.docx -...

This preview shows pages 1 - 4 out of 16 pages.

SUBMITTED BY: SAMAR SARWAR
STUDENT ID: S2142281
MODULE NAME: RESEARCH & PROJECT METHODS
SUBMITTED TO: HADI LARIJANI
SUBMISSION DATE: 19 JAN 2022

Database Security in Context of SQL Injection Attacks

TABLE OF CONTENTS

1 Abstract
2 Introduction
3 Importance of Cyber Security
4 SQL Injection Background
  4.1 Types of SQL Injection Attacks
    4.1.1 In-band SQLi
    4.1.2 Error-based SQLi
    4.1.3 Union-based SQLi
  4.2 Inferential (Blind) SQLi
    4.2.1 Boolean Based
    4.2.2 Time Based
  4.3 Out-of-band SQLi
  4.4 SQLi Examples using PHP
5 Technique Causes SQL Injection in php code
6 Preventing SQL injection
7 SQL injection tool
  7.1 SQLmap
  7.2 Safe3 SQL Injector
  7.3 SQLSus
  7.4 Mole
  7.5 BSQL Hacker
  7.6 Blind SQL Bitshifting
  7.7 SQLi Dumper
  7.8 Havij
  7.9 JSQL Injection
  7.10 BBQSQL
  7.11 NoSQLmap
  7.12 DSSS
  7.13 Blisqy
  7.14 WhiteWidow
  7.15 Explo
8 Conclusion
9 References

Database Security in Context of SQL Injection Attacks

1 Abstract:

Database security is a major concern when developing web applications. Attackers use different techniques to retrieve sensitive data from a system without authorization or to gain unauthorized access to systems. SQL injection techniques are easy to perform and are used by most attackers. There are various techniques and kinds of SQL injection attacks, but by using different techniques and validating the information, SQL injection attacks can be prevented. Extensive testing should be performed before making any project live so that no vulnerability remains in the system.

2 Introduction:

Database security means designing a variety of measures, tools and controls to establish and protect database confidentiality, integrity, and availability, securing it from illegitimate and malicious cyber attacks and threats. It refers to protecting not just the database but also the applications and systems accessing it from damage, intrusion and misuse.

Data is a valuable entity, and its security and management are major concerns because it may have tactical importance to the respective organization or person, so its protection and security must be ensured. A breach of security and leakage of data may harm not only the applications and systems but also people, by leaking their personal data and information.

Attackers use different techniques to gain unauthorized access to a system and to get private information and data out of the databases of different systems and applications. Some of the major techniques used are as below:

  • Remote Code Execution
  • Exploiting Software Vulnerabilities
  • Packet Sniffing
  • SQL Injection
  • Cross Site Scripting (XSS)

Many organizations lose data every year to cyber-attacks by attackers all over the world. This affects not only the organizations, which lose the trust of their employees and clients, but also, directly, the people to whom that data belongs. Of all the techniques used by attackers, one of the major ones is SQL injection. According to research done by a well-known site, about 55% of attacks are done using SQL injection techniques. The picture below shows the major attack techniques and depicts how SQL injection stands out among them with a ratio of 55 percent.
