08-01-2014, 01:39 PM
SQL Injection Techniques & Countermeasures
Abstract
SQL injection is a code injection technique used to exploit security vulnerabilities in web applications and information systems that use user-supplied data in SQL queries without validating the input or with incorrectly filtered input. SQL injection is the most common attack methodology that targets the data residing in an application's database through the firewall that shields it. The attack occurs when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating data input into a web-based application.
SQL injection works even if the system is fully patched; it requires nothing more than port 80 being open. The attack takes advantage of poor input validation in code and website administration.
The objective of this paper is to analyze various SQL injection techniques that can be used to exploit a web application's security, and to develop a simple and efficient mechanism that should be used to protect against SQL injection and poor input validation.