TOOLS AND TECHNIQUES FOR MITIGATION AND PROTECTION AGAINST SQL INJECTION ATTACKS
Abstract
Most of the services we enjoy on the Web are provided by database applications. Web-based email, online
shopping, forums, corporate web sites, and portals are all database-driven. To build a modern web site, you
need to develop a database application, usually a SQL database, which is responsible for managing data in
a structured way. Recent attacks lead to the conclusion that web applications are insufficiently
protected and are the biggest threat to database security. The most popular form of attack is SQL
injection, which uses data entry, search, and username or password fields to inject code into the SQL
database.
These attacks can reveal sensitive data, alter database data, or destroy an entire database. An attacker could
even damage the operating system. Usually, SQL injection attacks are just a prelude to other
attacks, so preventing them can also mean protection from other, potentially more dangerous attacks.
The purpose of this paper is to review the most common SQL injection attacks, as well as to propose
technical solutions and measures that can contribute to the mitigation of this kind of attack.
Key words: SQL injection, vulnerabilities, security, privacy