SQL Injection Attack as a Threat of Web Portals

Theodoros Tzouramanis (University of the Aegean, Greece)
Copyright: © 2007 | Pages: 7
DOI: 10.4018/978-1-59140-989-2.ch157


SQL injection attack (CERT, 2002) is one of the most prevalent security problems faced by today’s security professionals. It is currently the most common technique for indirectly attacking Web-powered databases and effectively undermining the secrecy, integrity and availability of Web portals. The basic idea behind this insidious and pervasive attack is that predefined logical expressions within a predefined query can be altered simply by injecting operations that always result in true or false statements. With this simple technique, the attacker can run arbitrary SQL queries and thus extract sensitive customer and order information from e-commerce applications, or bypass strong security mechanisms and compromise the back-end databases and the file system of the data server. Despite these threats, a surprisingly high number of systems on the Internet are totally vulnerable to this attack.
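The mechanism described above, shown as an added example (not code from the chapter): a login query built by string concatenation beside its parameterized form, run against an in-memory SQLite database. The table, function names, sample rows and input string are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from the chapter.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return db

def login_concatenated(db, username, password):
    # Vulnerable: user input becomes part of the SQL text, so a quote in the
    # input closes the string literal and extends the WHERE expression.
    sql = ("SELECT username FROM customers WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    # Hardened: the query text is fixed; inputs are bound as values and
    # compared literally, never parsed as SQL.
    sql = "SELECT username FROM customers WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]

# Constructed input carrying an always-true expression. Concatenated, the
# predicate becomes: (username='alice' AND password='') OR ('1'='1')
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(login_concatenated(db, "alice", "wrong"))     # no rows
    print(login_concatenated(db, "alice", TAUTOLOGY))   # every row matches
    print(login_parameterized(db, "alice", TAUTOLOGY))  # no rows
    print(login_parameterized(db, "alice", "s3cret"))   # the one valid login
```

Because `AND` binds more tightly than `OR`, the injected `'1'='1'` term makes the whole predicate true for every row, while the bound parameter is only ever compared as a password value.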
