Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010
2.1 Web Application Vulnerabilities

Many web application vulnerabilities have been well documented and their mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is insufficient input validation. Any data originating from outside of the program code, for example input data provided by a user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, Remote Code Execution and Cross-site Scripting are the very common vulnerabilities of that type [3]. Below is a brief introduction to the SQL injection vulnerability, though the security testing method presented in this paper is not limited to it.

An SQL injection vulnerability allows an attacker to illegally manipulate a database by injecting malicious SQL code into the values of input parameters of HTTP requests sent to the victim web site.

[Fig. 1. An example of a program written in PHP which contains an SQL Injection vulnerability. Listing not reproduced here.]

Figure 1 shows a program that uses the database query function mysql_query to get the user information corresponding to the user specified by the GET input parameter username and then print the result to the client browser. A normal HTTP request with the input parameter username looks like http://example.com/index.php?username=bob. The dynamically created database query at line 2 is SELECT * FROM users WHERE username='bob' AND usertype='user'. This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious code. Malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with SQL code ('alice'--') injected, http://example.com/index.php?username=alice'--, the query becomes SELECT * FROM users WHERE username='alice'--' AND usertype='user'.
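The two requests the excerpt walks through (the normal request for bob and the alice'-- request), as an added example that is not code from the paper or from its Figure 1 listing. It assumes Python with the standard sqlite3 module standing in for PHP and mysql_query, and a constructed two-row users table. build_query_unsafe reproduces the string concatenation the excerpt describes for line 2 of Figure 1, lookup_unsafe runs it so the effect of the commented-out usertype filter is visible, and lookup_safe shows the parameterized form in which the input stays data and the filter holds.

```python
import sqlite3

# Constructed sample table (not from the paper): one ordinary user and one
# administrator, so that the usertype='user' filter in the query matters.
SAMPLE_USERS = [("bob", "user"), ("alice", "admin")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, usertype TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_query_unsafe(username):
    """Mirror of the query at line 2 of the paper's Figure 1: the GET value is
    spliced into the SQL text, so a quote and '--' inside it rewrite the statement."""
    return ("SELECT * FROM users WHERE username='" + username
            + "' AND usertype='user'")


def lookup_unsafe(conn, username):
    """Vulnerable lookup: executes the concatenated query exactly as built."""
    return conn.execute(build_query_unsafe(username)).fetchall()


def lookup_safe(conn, username):
    """Hardened lookup: the value is bound as a query parameter, so the database
    treats it purely as data and the usertype filter cannot be commented out."""
    return conn.execute(
        "SELECT * FROM users WHERE username=? AND usertype='user'",
        (username,),
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for name in ("bob", "alice'--"):
        print(build_query_unsafe(name))
        print("  unsafe:", lookup_unsafe(conn, name))
        print("  safe:  ", lookup_safe(conn, name))
```

With the vulnerable lookup, the alice'-- value turns the trailing AND usertype='user' into a comment and the administrator row comes back; with the parameterized lookup the same value is simply a username that does not exist and no row is returned, which is the behaviour a test for this class of bug should expect.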
Current price €50.39
Original price €55.99
Save 10%
Product Details
  • Publication Date: 02 Dec 2010
  • Publisher: Springer-Verlag Berlin and Heidelberg GmbH & Co. KG
  • Publication City/Country: Germany
  • Language: English
  • ISBN13: 9783642177132
