A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks
Quite a number of new technologies and concepts have emerged lately and they are yet to be fully absorbed by the growing market. The concepts range from the architectural evolutions in telecommunications and access networks known as Next Generation Networks (NGNs) to other technologies such as: Perv...
Main Authors: | Diallo, Abdoulaye Kindy; Pathan, Al-Sakib Khan |
---|---|
Format: | Book Chapter |
Language: | English |
Published: | CRC Press, USA, 2013 |
Subjects: | QA75 Electronic computers. Computer science |
Online Access: | http://irep.iium.edu.my/25295/1/6-Chapter-checked1_Update_april.pdf http://irep.iium.edu.my/25295/ http://www.crcpress.com/product/isbn/9781466507616 |
Institution: | Universiti Islam Antarabangsa Malaysia |
id |
my.iium.irep.25295 |
---|---|
record_format |
dspace |
spelling |
my.iium.irep.25295 2014-04-29T06:24:16Z http://irep.iium.edu.my/25295/ A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks Diallo, Abdoulaye Kindy Pathan, Al-Sakib Khan QA75 Electronic computers. Computer science CRC Press, USA 2013 Book Chapter REM application/pdf en http://irep.iium.edu.my/25295/1/6-Chapter-checked1_Update_april.pdf Diallo, Abdoulaye Kindy and Pathan, Al-Sakib Khan (2013) A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks. In: Building Next-Generation Converged Networks: Theory and Practice. CRC Press, USA, USA. ISBN 9781466507616 http://www.crcpress.com/product/isbn/9781466507616 |
building |
IIUM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
International Islamic University Malaysia |
content_source |
IIUM Repository (IREP) |
url_provider |
http://irep.iium.edu.my/ |
topic |
QA75 Electronic computers. Computer science |
description |
Quite a number of new technologies and concepts have emerged lately and they are yet to be fully absorbed by the growing market. The concepts range from the architectural evolutions in telecommunications and access networks known as Next Generation Networks (NGNs) to other technologies such as: Pervasive/Ubiquitous Computing, Future Internet, Internet Of Things (IoT), Cloud Computing, Green Computing, and the like. All these inventions and concepts basically deal more or less with data (or, information). The reality is that in most of the cases, we cannot talk about data without relating those with their containers, i.e., databases (data storage) which store the data. Talking about databases would mean dealing with the contents (SELECT, UPDATE, DELETE, DROP, etc.) whereby comes forward the threat of SQL Injection attacks. From an individual adoption to a complete nation’s scenario (e-Governance), the Internet technology has gone through a very rapid growth recently and its adoption is moving faster than ever before. Billions of transactions are done today online via a wide range of Internet technologies. However, this does not mean that our online business and transaction is secure from potential threats. On the other hand, most studies show the contrary: emerging threats are increasing exponentially. For some consecutive times, SQL Injection is categorized as the top-10 Web application vulnerabilities experienced by Web applications. Prior to any communication with the backend database, a user has to be identified. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection (using SQL Injection statements) gives access to unauthorized users.
In this chapter, we present a walk through SQL Injection vulnerabilities, attacks, and their prevention techniques in current and future networks. It is very much likely that the threats of SQL Injection will remain almost similar to that of the current status, for the next generation and future networks. Innovative tactics of using SQL Injection pose constant headache for the security experts. Hence, alongside presenting our findings from the comprehensive study about past and present, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.
|
author |
Diallo, Abdoulaye Kindy; Pathan, Al-Sakib Khan |
title |
A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks |