The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
SQL Injection Attack as a Threat of Web Portals
Abstract
SQL injection attack (CERT, 2002) is one of the most prevalent security problems faced by today’s security professionals. It is today the most common technique to indirectly attack Web-powered databases and disassemble effectively the secrecy, integrity and availability of Web portals. The basic idea behind this insidious and pervasive attack is that predefined logical expressions within a pre-defined query can be altered simply by injecting operations that always result in true or false statements. With this simple technique, the attacker can run arbitrary SQL queries and thus s/he can extract sensitive customer and order information from e-commerce applications, or she/he can bypass strong security mechanisms and compromise the back-end databases and the file system of the data server. Despite these threats, a surprisingly high number of systems on the internet are totally vulnerable to this attack.
Related Content
Jana Polgar.
© 2012.
6 pages.
|
Jun-Jang Jeng, Ajay Mohindra, Jeaha Yang, Henry Chang.
© 2012.
15 pages.
|
Jerh. O’Connor, Ronan Dalton, Don Naro.
© 2012.
15 pages.
|
Jana Polgar.
© 2012.
13 pages.
|
Tony Polgar.
© 2012.
13 pages.
|
Jana Polgar.
© 2012.
5 pages.
|
Andreas Prokoph.
© 2012.
19 pages.
|
|
|