Motivation: In recent years, many types of work are done through web applications, which now play an essential role. But nowadays attackers can gain access to web applications using many types of techniques, which means that web applications face different kinds of security threats. SQL injection is one of the most damaging attack techniques against web applications. This type of technique allows the attacker to gain access to the information in an organization's database. Attackers leak information from online transactions, online banking, papers, mail, etc. Data and information are vital to organizations, businesses and industries. Nowadays an attacker can freely expose all the sensitive information in a database. So …
SQL stands for Structured Query Language. It is a textual language. SQL injection is a code injection attack that is commonly used for attacking websites. The attacker adds some SQL code in place of the expected input to gain entry to the database. The attacker tries to take advantage of poorly filtered or incorrectly escaped characters to embed SQL statements into the variable data parsed from user input. A typical SQL query is executed as a collection of statements and returns a single result. In this technique, the attacker is able to insert a series of SQL statements into a query by manipulating the data input. With SQL injection techniques, an attacker can steal data from a database that should not be available. An attacker can access data in the database that is meant to be handled only by certain restricted people.

SQL injection attack: SQL injection is one of the most harmful vulnerabilities of web applications. An attacker attacks and leaks information for different purposes. An SQLIA is a class of attack in which code supplied as user input is used as part of a query [1]. This technique attacks the system and can destroy all of the information present in the database. There are many types of SQL injection. Some attacks are usually performed in variants, and many of them are used together in one place. It depends on the particular target of the SQL injection attacker.

Tautology attack: Tautology attacks are the ones most used by attackers.
SQL Injection – an input validation attack specific to database applications where SQL code is inserted into application queries to manipulate the database.
If we turn the clock backwards about 10 or 15 years, we find that people did not care much for the security of the web, because few were trying to exploit web applications for personal interests. More recently, the issues related to the security of the Web began to grow, but unfortunately many Web applications have been developed and launched without any design for security.
Vulnerability 1: Injection – used to attack the applications in which malicious SQL statements are inserted into an entry field for execution.
One of the most common is CGI scripting. CGI scripting works by sending Bash commands to the web server (i.e. Apache, nginx, WEBrick, etc.) to generate dynamic content for the user. Dynamic content is when a website appears personalized to the user. A normal Web browser would not allow the user to execute a special query in the address bar, so the attacker can use Bash to interact with the website. For instance, the Bash command "curl" is a utility that is used to make HTTP requests to a given URL; essentially, you are navigating the website without the Graphical User Interface (GUI). So, if the victims have CGI scripting enabled and the Shellshock bug is present, we know we can get Bash to run arbitrary code. So if the attacker runs this
RFI stands for Remote File Inclusion that allows the attacker to upload a custom coded/malicious file on a website or server using a script. This vulnerability exploits the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). RFI is a common vulnerability and all website hacking is not entirely focused on SQL injection. Using RFI you can deface the websites, get access to the server and do almost anything. What makes it more dangerous is that you only need to have your common sense and basic
With the introduction of Web 2.0, sharing information through social networking has increased, and as business and services over the internet have grown, websites are often attacked directly. Hackers attempt to compromise either the network or, alternatively, the end users opening the website.
The top ten most common database attacks are excessive privilege, privilege abuse, unauthorized privilege elevation, platform vulnerabilities, SQL injection, weak audit, denial of service, database protocol vulnerabilities, weak authentication, and exposure of backup data. (Schulman, 2012) The majority of these attacks can be mitigated by firewalls, password protection, and appropriate permissions.
Firstly, I would like to talk about Microsoft SQL Server. According to Vincent (July 2010), Microsoft SQL Server is a relational database managing software developed by Microsoft. Since many years back (1989), SQL Server has been experiencing a lot of attacks. For example
The company can prevent, remediate, or mitigate the attacks. During the establishment of prevention and
“Branch Locator” page is vulnerable to SQL injection attacks. This is a serious vulnerability which involves inserting malicious SQL statements into an input field for execution. By appending SQL statements to the URL of the Branch Locator page, information about the structure of the underlying database was collected. This information was then used to generate further malicious statements. The list of database objects, tables and columns were returned. The
The Aim Higher college has recently had some issues of sensitive information being stolen from students when registering for classes. I believe that the web application that the student information system is using is a problem named SQL injection. A SQL injection attack is an attack where the attacker can run malicious SQL queries against a web application’s database server, and it can be a danger for the users who access the web page because the hacker will look for their personal information records, then delete or modify the information gained. This type of attack is no joke; we have to take action and create a plan to resolve this vulnerability on our database, so the students will register for their courses with our security on their side.
It means structured query language. The SQL will allow access and maneuvering of databases. The purpose of SQL is that it’s a standard language to be used for
Web applications nowadays serve as a company’s public face to the internet. This has created the need to identify threats and attacks directed at data servers and web applications. Hackers exploit vulnerabilities in input validation and authentication affecting the web application in order to gain illegal access and disclose sensitive data or manipulate it to their benefit.
In today’s highly connected digital ecosystem, our lives, businesses, communications, and a lot of activities depend on websites and web applications. All websites contain sensitive data and deliver business-critical information services to the targeted audience. Due to the rapidly increasing use of websites and web applications, vulnerabilities have become quite rampant. Even the smallest security loophole can give cybercriminals a chance to destroy the web-based business and damage customer confidence and brand reputation in a short time span.
With advances in technology constantly happening, it can be hard to keep up with all of the latest trends. If organizations cannot keep up with the latest trends, it can lead to flaws in their security. Any flaws in security can have a detrimental effect on an organization’s database. Almost every organization has some sort of database, whether it is for maintaining customers, inventory, or vital information.