SQL Injection
11/17/2014
name: Seth Clemens pseudonym: Tazmania deterlab: ru245ag
Department of Computer Science, ITEC 345
Radford University
Radford, United States of America
sclemens@radford.edu
Abstract – With data, now more than ever, being stored in databases instead of filing cabinets, awareness of SQL injection attacks needs to be raised. The goal of this document is to provide a basic understanding of SQL injection attacks, how they are executed, and what preventative measures can be taken to keep such a dangerous attack from happening.
I. INTRODUCTION
Before computers were invented, humans stored data in filing cabinets, safes, libraries, and similar places. The method of storing data changed when computerized databases were invented in the 1960s [4]. Storing data in a digital database became a more time- and cost-efficient method than storing it in filing cabinets or the like: a computerized database lets a user access, add, or remove data in a matter of seconds rather than the hours it could take to go through hundreds of physical folders.
Databases are commonly used by businesses and schools to store their data. Such databases are access-controlled: a user can reach only the information they have been granted permission to see. Data is added to, read from, or removed from a relational database with SQL (Structured Query Language), the query language implemented by database systems such as MySQL and Microsoft SQL Server.
SQL Injection – an attack on applications that build SQL queries from untrusted input: text supplied by the attacker is interpreted as SQL code rather than as data, so the attacker can change what the query does and manipulate the database.
Computer information systems (CIS) have forever altered the way organizations conduct business. Commerce is no longer managed through clunky and expensive paper-based transactions. The one advantage of that archaic process was that corporations could store their documents in secure locations under lock and key. Today those cabinets have been replaced with database systems, the modern filing cabinets that house the vast data transacted by corporations.
With the advent of the Internet, web applications have become a day-to-day feature of our lives. As the use of online services grows, so does concern about the security threats web applications face. One of the most common attacks on web applications, and on other applications that talk to a database, is the Structured Query Language injection attack, better known as the SQL injection attack. In the OWASP Top 10 list of web application risks, injection has been ranked the number one threat. A major motivation for an attacker is to retrieve the entire contents of the database without any authorization. It is a code injection technique in which the attacker inserts malicious SQL into a legitimate query. Once the altered query executes, the attacker can read, change, or delete data for which he or she has no permission.
SQL injection, or SQLi, is a common technique for breaking into a website and reading data the site was never meant to expose. The code-level defenses against it, above all keeping user input out of the SQL text by binding it as a query parameter, are cheapest to adopt at the very start of development rather than after the site is live.
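The attack just described and the code-level defense, as an added example that is not part of the original paper: the same login check written two ways against an in-memory SQLite database. The table names, rows and function names are constructed for the illustration; the api_keys table stands in for any data the login form should never return.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the paper): a login table plus a
    second table that the login form must never expose. Plaintext passwords
    are used only to keep the example short; real systems store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('alice', 'correct horse'),
                                                      ('bob', 'hunter2');
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, owner TEXT, secret TEXT);
        INSERT INTO api_keys (owner, secret) VALUES ('alice', 'AKIA-EXAMPLE-0001');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: the input becomes SQL text,
    so a quote in the input ends the string literal and the rest is parsed
    as SQL. Returns the matched usernames, sorted for determinism."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver sends the values apart
    from the statement text, so the input can never be parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


if __name__ == "__main__":
    conn = make_db()
    # Tautology: WHERE username = '' OR '1'='1' -- ...   matches every row
    bypass = "' OR '1'='1' --"
    # UNION: appends rows from a different table to the result set
    exfil = "' UNION SELECT secret FROM api_keys --"
    print(login_vulnerable(conn, bypass, "x"))       # ['alice', 'bob']
    print(login_vulnerable(conn, exfil, "x"))        # ['AKIA-EXAMPLE-0001']
    print(login_parameterized(conn, bypass, "x"))    # []
    print(login_parameterized(conn, exfil, "x"))     # []
```

The comment marker (`--`) at the end of each payload discards the rest of the original statement, which is why the password clause never gets a chance to fail. Note that the parameterized version still returns alice for a correct username and password; it only stops the input from being read as SQL.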
Abstract— SQL injection is a technique in which malicious users inject SQL commands into an SQL statement through user input. It is one of the web attack mechanisms used by malicious users to steal data from organizations, and it is among the most common application-layer attack techniques in use. It takes advantage of improper coding, in which SQL commands supplied through a form's input fields end up inside the application's query text, to give the attacker access to the data.
SQL injection attacks disclose sensitive database data by exploiting input validation weaknesses in a Web application. A Web site is expected to validate every user input before it reaches a query; if even one of possibly thousands of inputs is handled improperly, an intruder can alter values in a Web request so that the query sent to the back-end database is changed. The results of these unauthorized queries are then returned in the HTML response, possibly exposing a large amount of data.
Databases allow us to store and retrieve data in a purely digital format. Their strength is that large amounts of data can be stored and retrieved with minimal effort from the user: instead of manually flipping through files, one can pull up the requested data through a computer program in moments. Many systems that were conventionally paper- and file-based have been converted to a digital format and now live in one or more databases.
Over the years the SQL injection risk has grown to the point that far more devastating attacks are seen now than at any time in the past. Many organizations are breached by SQL injection attacks that pass straight through the network firewall (the attack rides on ordinary HTTP requests to a port that must stay open) and bypass their web application firewalls (WAFs), giving attackers a foothold from which to exploit databases and the organization's internal network. As one of the OWASP Top Ten threats, SQL injection has attracted a great deal of attention.
It is proposed by Junjin [10] for detecting SQL injection attacks over the web application i.e. for tracing SQL input flow using SQLInjectionGen and attack input generation using
SQL Injection is a web application security vulnerability in which an attacker submits SQL that the web application passes to, and executes against, its back-end database. SQL injection has been described as one of the most critical threats to web applications, because it can give an attacker complete access to the underlying database, and because the attack reaches internal networks and vulnerable databases by slipping through the firewall over ports that must stay open, such as 80 (HTTP) and 443 (HTTPS). These databases often contain sensitive user information, so a successful attack can result in security violations such as loss of confidential information and identity theft.
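Because the request arrives over an allowed port, the place to spot it is the web server's own access log rather than the network firewall. The following detection routine is an added example, not code from the paper: it parses constructed Apache-style access-log lines, undoes the percent-encoding and inline-comment tricks attackers use to slip past naive string matching, and flags the classic tautology, UNION and comment-terminator payloads. The sample lines, pattern names and regular expressions are assumptions made for the illustration; matching of this kind is a heuristic that a determined attacker can evade, which is exactly the WAF-bypass problem described above.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not taken from the paper). Lines 1, 2, 4 and 5
# carry injection payloads; line 2 is double percent-encoded, line 4 uses an
# inline comment instead of a space, line 3 is a benign use of the word "union".
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Nov/2014:10:01:02 -0500] "GET /products?id=42 HTTP/1.1" 200 1834',
    '203.0.113.7 - - [17/Nov/2014:10:01:09 -0500] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 90211',
    '198.51.100.3 - - [17/Nov/2014:10:02:45 -0500] "GET /login?user=%2527%2520UNION%2520SELECT%2520secret%2520FROM%2520api_keys--&pw=x HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Nov/2014:10:03:10 -0500] "GET /search?q=union+station HTTP/1.1" 200 2210',
    '198.51.100.3 - - [17/Nov/2014:10:04:01 -0500] "GET /products?id=1%27%20UNION/**/SELECT%20secret,NULL%20FROM%20api_keys%20-- HTTP/1.1" 500 311',
    '198.51.100.3 - - [17/Nov/2014:10:04:30 -0500] "GET /login?user=admin%27--&pw=x HTTP/1.1" 302 0',
]

# Request line inside the quotes: method, target, protocol version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')

# Hypothetical pattern set for the illustration; applied to the normalized target.
PATTERNS = {
    "tautology": re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+"),          # ' OR '1'='1
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),    # UNION SELECT
    "comment_terminator": re.compile(r"'\s*(?:--|#)"),                 # admin'--
    "stacked_query": re.compile(r";\s*(?:drop|delete|insert|update|alter)\b"),
}


def normalize(target):
    """Undo the encodings an attacker uses to hide a payload from a matcher."""
    s = target
    for _ in range(3):                 # bounded loop: %2527 -> %27 -> '
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = s.lower()
    s = re.sub(r"/\*.*?\*/", " ", s)   # /**/ used in place of whitespace
    return re.sub(r"\s+", " ", s)


def detect(line):
    """Return the names of the injection patterns found in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = normalize(m.group("target"))
    return [name for name, rx in PATTERNS.items() if rx.search(target)]


def scan(lines):
    """Map line index -> findings for every line that triggered a pattern."""
    hits = {}
    for i, line in enumerate(lines):
        found = detect(line)
        if found:
            hits[i] = found
    return hits


if __name__ == "__main__":
    for i, found in scan(SAMPLE_LOG).items():
        print("line %d: %s" % (i, ", ".join(found)))
```

The decode loop is the part that matters most: after a single decode the double-encoded request still reads `%27%20union%20select`, and the UNION pattern, which expects real whitespace, does not fire. Feed the routine a POST body or a header as well as the query string if your application reads input from there, since the same payload can arrive through any of them.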
Microsoft has added new security features to SQL Server 2012, its database server product. The research paper will cover the most important of them, which fall into four categories:
It is common practice for web applications to let users enter information into web forms. Unfortunately, this user input opens the possibility of SQL injection, one of the most common and best-known web application vulnerabilities. SQL injection becomes possible when SQL statements are built dynamically by concatenating user input into the statement text. It is not difficult for a malicious user to type SQL directly into an input field and thereby change the statement in order to obtain information from the database.
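Validating input is not enough on its own when the untrusted text is a value, but it is the only tool for the parts of a dynamically built statement that a placeholder cannot carry, such as the column name in an ORDER BY clause. The following added example (not from the paper) goes a step beyond the login form case above: it binds the value with a placeholder and allow-lists the identifier and keyword, rejecting anything else rather than trying to escape it. The products table, the allow-lists and the function names are constructed for the illustration.

```python
import sqlite3

# Constructed allow-lists for the parts of the query a placeholder cannot
# carry: the sort column (an identifier) and the sort direction (a keyword).
ALLOWED_SORT_COLUMNS = ("name", "price", "created_at")
ALLOWED_DIRECTIONS = ("ASC", "DESC")


def build_product_query(search_term, sort_column, direction):
    """Return (sql, params) for a product search.

    The search term is a value, so it is bound with a placeholder. The sort
    column and direction are spliced into the SQL text, so they are compared
    against fixed allow-lists first; any other input is rejected, not escaped.
    """
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("refusing unknown sort column %r" % (sort_column,))
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("refusing unknown sort direction %r" % (direction,))
    sql = ("SELECT name, price FROM products WHERE name LIKE ? "
           "ORDER BY %s %s" % (sort_column, direction))
    return sql, ("%" + search_term + "%",)


def rejects(sort_column, direction):
    """True when the builder refuses the given identifier/keyword input."""
    try:
        build_product_query("x", sort_column, direction)
    except ValueError:
        return True
    return False


def make_db():
    """Constructed products table (not from the paper)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT,
                               price REAL, created_at TEXT);
        INSERT INTO products (name, price, created_at) VALUES
            ('desk lamp', 19.99, '2014-10-01'),
            ('chair', 89.0, '2014-10-05'),
            ('floor lamp', 49.5, '2014-11-02');
    """)
    return conn


def search_products(conn, search_term, sort_column, direction):
    """Run the allow-listed, parameterized search and return (name, price) rows."""
    sql, params = build_product_query(search_term, sort_column, direction)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(search_products(conn, "lamp", "price", "asc"))
    print(search_products(conn, "' OR '1'='1", "name", "asc"))   # just a value: []
    print(rejects("price; DROP TABLE products --", "asc"))        # True
```

Two caveats a reviewer would raise: the allow-list must contain literal names, never a regular expression that an attacker can satisfy with extra SQL appended, and binding the search term stops it from being parsed as SQL but does not stop LIKE wildcards, so a lone `%` still matches every row and should be escaped if that matters to the application.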
As databases and the technology around them evolved, Elmasri and Navathe (2016) point out, increasingly complex data structures were developed for modeling, to meet the needs of larger and more advanced databases that were also beginning to include newer data types. As stated before, more complex databases bring more security vulnerabilities that must be planned for and mitigated wherever possible. The DBMS supplies the mechanisms by which data recovery and security are handled, while modeling tools are used to facilitate modeling and system design and to improve performance (Elmasri & Navathe, 2016). When applying these tools to database creation, security should be considered at each step of modeling and building the database. The DBMS provides a security and authorization subsystem that the DBA uses to create accounts and specify the restrictions on what each account may do (Elmasri & Navathe, 2016).
The security of database systems has become very important. Because so many operations now depend on database systems, and the number of web applications keeps growing, security has become a real problem. If data is compromised in one application, the damage is not confined to that application: every application that shares the data is affected. Damage can come from outside attackers as well as from insiders. Hence techniques such as encrypting stored data, and decrypting it only for authorized use, are applied to keep data safe. Note that encrypting data at rest does not by itself stop SQL injection: the application the attacker is driving holds the keys and decrypts the data on the attacker's behalf, so injection must still be prevented in the application's own query code.