• Sign In / Register
  • Help
  • Basket0
Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 - Security and Cryptology 6503 (Paperback)
  • Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 - Security and Cryptology 6503 (Paperback)
zoom

Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 - Security and Cryptology 6503 (Paperback)

(editor), (editor)
£54.99
Paperback 261 Pages / Published: 02/12/2010
  • We can order this

Usually despatched within 2 weeks

  • This item has been added to your basket
2.1 Web Application Vulnerabilities Many web application vulnerabilities havebeenwell documented andthemi- gation methods havealso beenintroduced [1]. The most common cause ofthose vulnerabilities isthe insu?cient input validation. Any data originated from o- side of the program code, forexample input data provided by user through a web form, shouldalwaysbeconsidered malicious andmustbesanitized before use.SQLInjection, Remote code execution orCross-site Scriptingarethe very common vulnerabilities ofthattype [3]. Below isabrief introduction toSQL- jection vulnerability though the security testingmethodpresented in thispaper is not limited toit. SQLinjectionvulnerabilityallowsanattackertoillegallymanipulatedatabase byinjectingmalicious SQL codes into the values of input parameters of http requests sentto the victim web site. 1: Fig.1. An example of a program written in PHP which contains SQL Injection v- nerability Figure 1 showsaprogram that uses the database query function mysql query togetuserinformationcorrespondingtothe userspeci?edby the GETinput- rameterusername andthen printtheresultto the clientbrowser.Anormalhttp request with the input parameter username looks like "http://example. com/ index.php?username=bob". The dynamically created database query at line2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". Thisprogram is vulnerabletoSQLInjection attacks because mysql query uses the input value of username without sanitizingmalicious codes. A malicious code can be a stringthatcontains SQL symbols ork- words.Ifan attacker sendarequest with SQL code ('alice'-') - jected "http://example.com/index.php?username=alice'-", the query becomes "SELECT* FROM users WHERE username='alice'--' AND usertype='user'".

Publisher: Springer-Verlag Berlin and Heidelberg GmbH & Co. KG
ISBN: 9783642177132
Number of pages: 261
Weight: 417 g
Dimensions: 234 x 155 x 15 mm
Edition: 2010 ed.

You may also be interested in...

Computer Basics in easy steps
Added to basket
IMac in Easy Steps
Added to basket
£10.99
Paperback
Troubleshooting a PC in Easy Steps
Added to basket
Computer Basics In Simple Steps
Added to basket
Upgrading and Repairing PCs
Added to basket
£44.87
Mixed media product
Windows 10 in easy steps
Added to basket
MCSA 70-410 Cert Guide R2
Added to basket
£44.87
Mixed media product
Macs All-in-One For Dummies
Added to basket
Macintosh Terminal Pocket Guide
Added to basket
Lean Software Development
Added to basket
PCs for Dummies, 13th Edition
Added to basket
The Secret of Apollo
Added to basket
Raspberry Pi in Easy Steps
Added to basket

Reviews

Please sign in to write a review

Your review has been submitted successfully.