SQL Injection Attacks: Detection Essay

Structured Query Language (SQL) injection attacks have been around for nearly two decades and have posed a threat to companies and government agencies around the world (SQL Injection Defense, n.d.). The former head of payment security for Barclaycard, Neira Jones, states, “some 97 percent of database attacks worldwide are still due to SQL injection somewhere along the attack chain” (SQL Injection Defense, n.d.). A SQL injection attack can lead to unauthorized access to database content and web portals.
SQL commands consist of statements that, when executed, interact with a system’s database. The paper SQL Injection Attacks: Detection in a Web Application Environment, published by DB Networks, gives a thorough explanation of how SQL injection is executed:
“SQL injection attacks are initiated by manipulating the data input on a Web form such that fragments of SQL instructions are passed to the Web application. The Web application then combines these rogue SQL fragments with the proper SQL dynamically generated by the application, thus creating valid SQL requests” (pg. 5).
A SQL injection attack can cause severe damage to an organization if credentials are obtained. The unauthorized user can make dramatic changes to a database, such as modifying and deleting data, which can cost organizations a lot of time and money to repair.
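The mechanism in the DB Networks quote above, where form input is combined with SQL the application generates dynamically, is shown here as an added example that is not part of the original essay or the DB Networks paper. The table, the function names and the sample input are constructed for illustration; it contrasts the dynamically built statement with a parameterized query that keeps the input as data.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory accounts table (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def build_dynamic_sql(name, password):
    """Vulnerable pattern: form input is pasted into the SQL text."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_dynamic(db, name, password):
    """Runs the concatenated statement; input can change its structure."""
    return [row[0] for row in db.execute(build_dynamic_sql(name, password))]

def login_parameterized(db, name, password):
    """Hardened form: the SQL text is fixed and input is bound as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

# Constructed form input carrying a SQL fragment instead of a password.
ROGUE_PASSWORD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The fragment closes the string literal and adds an always-true OR
    # clause, so the combined text is still a valid SQL request.
    print(build_dynamic_sql("alice", ROGUE_PASSWORD))
    print("dynamic:      ", login_dynamic(db, "alice", ROGUE_PASSWORD))
    print("parameterized:", login_parameterized(db, "alice", ROGUE_PASSWORD))
```

With the dynamic statement the WHERE clause matches every row; with bound parameters the same input is compared as a literal password and matches none.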
In 2009, two of the National Aeronautics and Space Administration’s (NASA) websites were hacked through the use of SQL injection.…

