SQL Injection and Prevention Techniques


SQL injection is one of the main attack mechanisms used against databases to steal an organization's data. The attacker targets the application layer and takes advantage of improper coding practices to inject SQL commands through a web form, thereby gaining access to the database. SQL injection can compromise the integrity of the database and disclose an organization's sensitive data. The severity of a SQL injection attack depends on the capabilities of the back-end database in use: through it an attacker can alter existing queries, append additional queries, read from or write to files, or execute operating system commands from the database. To protect organizational data from SQL injection, security measures are needed both in the application layer and in the database layer. The purpose of this study is to analyze database functionality and security weaknesses, mainly in Oracle and MySQL, and to propose the preventive measures database developers should consider in the database layer when working with these databases to secure data from SQL injection.
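The mechanism the abstract describes, a web form value spliced into query text so that the attacker controls the query structure, is shown below as an added example; it is not code from the paper. It uses Python's built-in sqlite3 so it runs offline, and the users table, rows and payloads are constructed for the demonstration. The vulnerable function concatenates input into the SQL string; the hardened function keeps the SQL text fixed and binds the values as parameters, so quotes and keywords in the input remain data rather than syntax.

```python
"""Added example: string-built SQL beside its parameterized replacement.
The database, rows and attacker payloads here are constructed, not taken
from the original paper."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Improper coding method: untrusted form values are concatenated into
    the SQL text, so the caller's input can change the query itself."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the SQL text is constant and the driver binds
    the values, so the same payloads match nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    """Run the constructed payloads against both functions and return the
    results so they can be inspected or asserted on."""
    conn = make_db()
    # Alters the existing query: closes the string literal and comments out
    # the password check, so any password logs in as alice.
    truncate = "alice'--"
    # Appends a second result set: a UNION with matching column count pulls
    # every username/password pair out of the table.
    union = "' UNION SELECT username, password FROM users --"
    return {
        "vuln_truncate": login_vulnerable(conn, truncate, "wrong"),
        "vuln_union": login_vulnerable(conn, union, "x"),
        "safe_truncate": login_safe(conn, truncate, "wrong"),
        "safe_union": login_safe(conn, union, "x"),
        "safe_valid": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The two payloads illustrate the first two capabilities listed in the abstract, changing an existing query and attaching an additional one; file and operating system access depend on the back-end database and are covered in the later sections.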

1 Introduction
2 SQL Injection Techniques – Remote applications
2.1 Methodology
2.2 Spot the database in use
2.3 Using SQL statements
2.4 Using PL/SQL procedures
2.5 Using database functionality to attack the OS
2.6 Using error messages from the database
3 SQL Injection Techniques – Direct database
