SQL Injection Attacks

Abstract
The MJD electronics board has inquired into database security and would like to have more information on what would be the best methods for the company to implement. As the chief security and compliance officer, I have investigated several different threats and in the following I will explain these threats and what can be done to prevent them.

SQL Injection Attacks
SQL injection is an attack on databases through the use of websites. This is done through the insertion of malicious code that is then passed into an instance of SQL Server for execution.

SQL injection follows the path of user input in order to access the system through the loopholes that developers have inadvertently left in the input validation areas of the database. SQL injection takes advantage of the lack of checks or validations and passes the commands to the database.

A SQL injection attack is a very serious threat because it allows the attacker to have access to an application's data.

The attacker is then able to access the private data from the database and manipulate or even delete the entire database, causing the application to stop working and a loss of trust and revenue from our customers. The best way for a company to protect itself from this type of attack is to implement validation checks in its databases. When a user inserts information, it should not run without some sort of prior validation check in place to prevent malicious code from being entered (Ganapathy, 2012). The validation needs to check for all SQL keywords such as SELECT or WHERE. Also, database permissions need to be established for all users.

XPath Injection

XPath injection is a type of attack that abuses XPath, the language that navigates through the structure of an XML document. XPath was designed as a tool to address different parts of an XML document, while also providing functionality to manipulate strings. XPath uses a non-XML syntax so that it can be used within URIs and XML attribute values (Dwibedi, 2005). An XPath injection attack exploits queries that are built from user input in order to query XML documents. This attack is similar to SQL injection attacks in that if the database uses customer/user queries without having validations in place, the risk of XPath injection attacks increases. Also, the same preventative measures should be in place for XPath injection prevention as are needed for SQL injection prevention.

Database Hardening

Database hardening is not an attack but is instead a term for the different configuration measures used to protect the database server. When deploying a database server it is necessary to configure the server to be as secure as possible (dbGreenSQL, n.d.). In order to configure the database server securely, the following guidelines should be followed:

  • The server needs to be kept up to date and run on the latest generation
  • Do not use any default settings; always change the default password and username
  • Keep a separate server for sensitive information/databases
  • Reduce access levels to a minimum; only give access levels depending on job function
  • Review the logging system in order to discover intrusions before they become a problem
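
The validation check and restricted permissions described above for SQL injection, shown as an added example that is not part of the original essay. It uses Python's built-in sqlite3 module; the customers table, the name pattern and the function names are hypothetical, SQLite's read-only pragma stands in for per-user database permissions, and binding the validated input as a parameter is a technique the essay does not name.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a hypothetical customers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("Alice Smith", "alice@example.com"),
        ("Sean O'Brien", "sean@example.com"),
    ])
    db.commit()
    # Stand-in for a least-privilege account: this connection may only read.
    db.execute("PRAGMA query_only = ON")
    return db

# Allow-list: letters, spaces and a few name punctuation marks, 1-64 characters.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")

def validate_name(value):
    """Reject input that does not look like a customer name."""
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError("invalid customer name")
    return value

def find_email_unsafe(db, name):
    # Vulnerable pattern: the input is pasted into the SQL text, so a quote
    # character in the data changes how the statement is parsed.
    sql = "SELECT email FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_email_safe(db, name):
    # Validate first, then bind the value as a parameter: the statement text
    # is fixed and the input is only ever treated as data.
    sql = "SELECT email FROM customers WHERE name = ?"
    return [row[0] for row in db.execute(sql, (validate_name(name),))]

if __name__ == "__main__":
    db = make_db()
    print(find_email_safe(db, "Sean O'Brien"))
    try:
        find_email_unsafe(db, "Sean O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
```

Even a legitimate name containing an apostrophe breaks the concatenated query, which shows that the input is being parsed as SQL rather than handled as data.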

References
Ganapathy, L. (2012). How to Prevent SQL Injection Attack. Retrieved from http://www.thegeekstuff.com/2012/02/sql-injection-attacks/
Dwibedi, R. (2005). XPath Injection in XML Databases. Retrieved from http://palizine.plynt.com/issues/2005Jul/xpath-injection/
dbGreenSQL (n.d.). MySQL Security Best Practices (Hardening MySQL Tips). Retrieved from http://www.greensql.com/articles/mysql-security-best-practices

Cite this SQL Injection Attacks

SQL Injection Attacks. (2017, Apr 25). Retrieved from https://graduateway.com/sql-injection-attacks/
