Get help now

SQL Injection Attacks

  • Pages 3
  • Words 575
  • Views 135
  • dovnload

    Download

    Cite

  • Pages 3
  • Words 575
  • Views 135
  • Academic anxiety?

    Get original paper in 3 hours and nail the task

    Get your paper price

    124 experts online

    Abstract
    The MJD electronics board has inquired into database security and would like to have more information on what would be the best methods for the company to implement. As the chief security and compliance officer, I have investigated several different threats and in the following I will explain these threats and what can be done to prevent them.

    SQL Injection Attacks
    SQL injection is an attack on databases through the use of websites. This is done through the insertion of malicious code that is then passed into an instance of SQL Server for execution. The SQL injection follows the path of user-input in order to access the system through the loopholes that have been inadvertently left by developers in the input validation areas of the database. SQL injection takes advantage of the lack of checks or validations and passes the commands to the database.

    A SQL injection attack is a very serious threat because it allows the attacker to have access to an applications data. The attacker is then able to access the private data from the database and manipulate or even delete the entire database, causing the application to stop working and a loss of trust and revenue from our customers. The best way for a company to protect themselves from this type of attack is to implement validation checks in their databases. When a user inserts information, it should not run without having some sort of prior validation check in place to prevent malicious code from being entered (Ganapathy, 2012). The validation needs to check all SQL keywords such as SELECT or WHERE. Also, there needs to be database permissions that have been established for all users. XPath Injection

    XPath is a type of attack that navigates through the structure of an XML document. This threat was designed in order to have a tool to exploit different parts of an XML document, while also providing functionality to manipulate data strings. XPath uses non-XML syntax in order to insert itself within URI’s and XML attribute values (Dwibedi, 2005). XPath carries out its attack by exploiting the queries from user-inputs in order to query XML documents. This attack is similar to SQL injection attacks in that if the database uses customer/user queries without having validations in place, the risk of XPath injection attacks increases. Also, the same preventative measures should be in place for XPath injection prevention as is needed for SQL injection prevention. Database Hardening

    Database hardening is not an attack but is instead a term for the different configuration aspects in order to protect the database server. When deploying a database server it is necessary to configure the server to be as secure as possible (dbGreenSQL, n.d.). In order to configure the database server securely, the following guidelines should be followed: Server needs to kept up-to-date and run on the latest generation Do not use any default settings, always change the default password and username Keep a separate server for sensitive information/databases

    Reduce access levels to a minimum, only give access levels depending on their job function Review logging system in order to discover intrusions before they become a problem

    References
    Ganapathy, L. (2012). How to Prevent SQL Injection Attack. Retrieved from,
    http://www.thegeekstuff.com/2012/02/sql-injection-attacks/. Dwibedi, R. (2005). XPath Injection in XML Databases. Retrieved from,
    http://palizine.plynt.com/issues/2005Jul/xpath-injection/.
    dbGreenSQL (n.d.). MySQL Security Best Practices (Hardening MySQL Tips). Retrieved from,
    http://www.greensql.com/articles/mysql-security-best-practices.

    This essay was written by a fellow student. You may use it as a guide or sample for writing your own paper, but remember to cite it correctly. Don’t submit it as your own as it will be considered plagiarism.

    Need a custom essay sample written specially to meet your requirements?

    Choose skilled expert on your subject and get original paper with free plagiarism report

    Order custom paper Without paying upfront

    SQL Injection Attacks. (2017, Apr 25). Retrieved from https://graduateway.com/sql-injection-attacks/

    Hi, my name is Amy 👋

    In case you can't find a relevant example, our professional writers are ready to help you write a unique paper. Just talk to our smart assistant Amy and she'll connect you with the best match.

    Get help with your paper
    We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy