Group 2-2 - SQLInjection DarrelCross SabrinaThornton...

SQL Injection
Darrel Cross, Sabrina Thornton, Jeff Singer

SQL Injection
- Code injection technique that exploits a security vulnerability occurring in the database layer of an application
- Convince the application to run SQL code that was not intended
- One of the most common application layer attack techniques used today
- AKA SQL insertion attacks

SQL Injection
- Simplicity of SQL injection has fueled its popularity
- Only need a web browser, knowledge of SQL queries, and creative guess work
- Dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI are all vulnerable

SQL Injection
- Vulnerability is present when:
  - User input is incorrectly filtered for string literal escape characters embedded in SQL statements
  - User input is not strongly typed and unexpectedly executed
- Possible to send a crafted user name and/or password field that will change the SQL query and grant something else

SQL Injection
- Firewalls and similar intrusion detection mechanisms provide little to no defense against full-scale SQL Injection web attacks

SQL Injection
- Four main types of vulnerabilities:
  - Incorrectly filtered escape characters
  - Incorrect type handling
  - The “Magic String” ‘OR’ ‘= ’
  - Blind SQL Injection
    - Conditional Responses
    - Conditional Errors

This note was uploaded on 07/24/2011 for the course EEL 3531 taught by Professor Llewelyn during the Spring '09 term at University of Florida.
