Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 - Security and Cryptology 6503 (Paperback)
Paperback 261 Pages / Published: 02/12/2010
2.1 Web Application Vulnerabilities

Many web application vulnerabilities have been well documented and the mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is insufficient input validation. Any data originating from outside of the program code, for example input data provided by a user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, Remote Code Execution and Cross-site Scripting are the very common vulnerabilities of that type [3]. Below is a brief introduction to the SQL Injection vulnerability, though the security testing method presented in this paper is not limited to it.

An SQL Injection vulnerability allows an attacker to illegally manipulate the database by injecting malicious SQL code into the values of input parameters of HTTP requests sent to the victim web site.

Fig. 1. An example of a program written in PHP which contains an SQL Injection vulnerability

Figure 1 shows a program that uses the database query function mysql_query to get the user information corresponding to the user specified by the GET input parameter username and then print the result to the client browser. A normal HTTP request with the input parameter username looks like "http://example.com/index.php?username=bob". The dynamically created database query at line 2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious code. Malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with the SQL code ('alice'--') injected, "http://example.com/index.php?username=alice'--", the query becomes "SELECT * FROM users WHERE username='alice'--' AND usertype='user'".
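As an added example (not the paper's Fig. 1 listing), the same query construction in Python against a constructed in-memory SQLite table that stands in for the MySQL users table: the concatenated form reproduces the Fig. 1 behaviour, where the injected comment marker drops the usertype check, and the parameterized form is the fix, where the same value is bound as data and matches no row.

```python
import sqlite3

# Constructed sample data standing in for the MySQL table of Fig. 1.
# Assumption: SQLite accepts "--" as a comment without a trailing space;
# MySQL is stricter about that syntax, but the query shape is the same.
SAMPLE_USERS = [("bob", "user"), ("alice", "admin"), ("carol", "user")]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, usertype TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db


def lookup_concatenated(db, username):
    """Mirrors Fig. 1: the GET value is pasted straight into the SQL text,
    so a value such as alice'-- becomes part of the query grammar."""
    query = ("SELECT username, usertype FROM users WHERE username='"
             + username + "' AND usertype='user'")
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the value travels as a bound parameter, never as SQL,
    so alice'-- is compared literally against the username column."""
    query = ("SELECT username, usertype FROM users "
             "WHERE username=? AND usertype='user'")
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("bob", "alice'--"):
        print(value, "concatenated:", lookup_concatenated(db, value))
        print(value, "parameterized:", lookup_parameterized(db, value))
```

For the normal value bob both functions return the same row; for the injected value the concatenated query returns alice even though her usertype is admin, while the parameterized query returns nothing.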

Publisher: Springer-Verlag Berlin and Heidelberg GmbH & Co. KG
ISBN: 9783642177132
Number of pages: 261
Weight: 417 g
Dimensions: 234 x 155 x 15 mm
Edition: 2010 ed.
