Sql Injection Attacks: Techniques and Protection Mechanisms Essay

1949 Words Nov 17th, 2013 8 Pages
Nikita Patel et al. / International Journal on Computer Science and Engineering (IJCSE)

SQL Injection Attacks: Techniques and Protection Mechanisms
Nikita Patel
Department of Info. Tech. Patel College of Science & Technology Bhopal, India

Fahim Mohammed
Department of Computer Science Research Scholar NIT Bhopal, India

Santosh Soni
Department of Computer Science Patel College of Science & Technology Bhopal, India

Abstract-- When an internet user interacts in web environment by surfing the Net, sending electronic mail messages and participating in online forums lot of data is generated which may have user’s private information. If this information is captured by third party tools and techniques; it may
…show more content…
The main goals of information security are Confidentiality, Integrity and availability. Confidentiality means the information available on a system should be safe from unauthorized people; Integrity means the information available in an organization should be complete and whole. It shouldn't be altered by any unauthorized person. Availability is as important as Confidentiality and Integrity. It means the information requested or required by the authorized users should always be available. II. CODE INJECTION ATTACKS

Code Injection is a term used when malicious code/script is injected into a program/web application from an outside source, for example input field which is provided by the web application to take input from the end-user. This attack makes use of lack of accurate input/output data validation. The injected malicious code executes as a part of the application. The consequences of a successful code injection attack may result in either damage to an asset, or an undesirable operation. Attack can be performed within software, web application etc in which the weakness is present. Weakness contribute to the introduction of vulnerabilities within that software or web applications, vulnerability can be used by the attacker to exploit the web applications to gain unintended access to data, denial of services, or perform incorrect operations. HTML Injection Attack,

Related Documents