StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Web Application Security - Term Paper Example

Cite this document
Summary
"Web Application Security" paper critically discusses the dangers of SQL injection in terms of website attacks that affect most individuals and organizations. Several forms of attack by SQL injection are used by most attackers to access the database of the targeted websites. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.7% of users find it useful

Extract of sample "Web Application Security"

 Web Application Security Table of Contents Introduction 2 Analysis 2 Vulnerability and common scenarios 2 How the intruder can exploit it 3 Assessment of the vulnerability 4 Severity levels 4 Examples 5 Recommendations and steps to patch the vulnerability 6 Conclusion 7 References 8 Introduction The SQL injection is one of the techniques used to attack a website and hence rendering it ineffective to the users. This has a lot of negative impacts on the organizations as it leads to loss of information by the organization. On the other hand, it is also important to note that the attack not only causes harm to the website but it also renders the information stored in the website useless. Unauthorized access of information is therefore, a major concern for most organizations. The SQL injection utilizes the use of rogue commands to access the website of an organization (Kieyzun, 2009). The database information is usually distorted through the use of unauthorized codes. The passwords or other security details required to access a website are usually distorted and hence enabling the access by the intruder. The paper critically discusses the dangers of SQL injection in terms of website attacks that affects most individuals and organizations. Analysis Vulnerability and common scenarios Several forms of attack by the SQL injection are used by most attackers to access the database of the targeted websites. It is also important to note that the attacking vector is used for the purpose of attacking the targeted website. The incorrectly filtered escape characters are some of the methods that render the websites of the organizations vulnerable to attacks. This is achieved when the username is crafted in a specific and malicious way by the attacker. The information regarding all the users of a particular website may be reviewed through the use of SQL injection. Incorrect type handling is also one of the main methods that exposes the websites to vulnerability. This happens when the user field is not checked for type constrains. The blind SQL injection is also one of the forms of vulnerability that the websites may be exposed. This takes a different form as it is difficult for the messages to be exposed or viewed by the attacker. The conditional responses are also common scenarios that are experienced by he individuals and organization. This conditional response is as a result of using codes and queries when accessing the information in the websites. It may take a long period of time before the attack is managed and hence inconveniencing the website users (Hu, et al, 2010). How the intruder can exploit it The vulnerability of the website is what exposes it to the attack by the intruder. In most cases, the intruder is usually aware of the problems facing the website. The interference with parent language is one of the main methods that are used by the intruder. This is achieved by changing the parent language and thus changing the response of the website. Incorrect type handling also gives the intruder an opportunity to exploit the website. It is done by manipulating the statements and hence eliminating the need for escape characters. The intruder is thus aware of the weaknesses that a website may have and hence take advantage of it. It is also possible to display the information of website differently and hence the attack. This is applicable for the purpose of using the blind SQL injection. The attacker may also use the queries that are asked for the purpose of verification to cause an attack. Changing or manipulating the query in order to gain access to a particular website is applied by the intruder in order to gain access to a particular website. It is thus evident that the intruder usually takes advantage of the existing weaknesses within the website in order to cause an intrusion (Lam, et al, 2008). Assessment of the vulnerability The SQL injection attack is one of the most vulnerable attacks that have led to the intrusion of many sites. This is evident from records as it was considered the most vulnerable web application in 2007 and 2010 (Clarke, 2012). The attacking vector can be grouped into various classes depending on their vulnerability and technical aspects of the attack. The vulnerability of the attack by the SQL injection depends on the measures that have been put in place to guard the website from the attack. The SQL injection can be used for the purpose of accessing information from highly secured websites. This is done through the utilization of the weaknesses of the website. Most of the crucial information that has been obtained from the government websites is through the use of the SQL injection. It is also important to note that the weaknesses of the websites increases the chance of SQL attack and hence the loss of valuable information. However, it is also evident that the vulnerability of the SQL injection attack can be reduced by putting in place several measures that guards a website against the attacks (Jain, 2011). Severity levels The SQL injection can be used for the purposes of attacking any SQL database leading to severe damage and loss of information. The severity levels are very high and it may lead to the shutting down of the website after the attack. This is a common experience for most organizations whose website has been attacked. The access to personal information is one of the main effects of SQL injection that has led to the interference of private lives of most people. It is reported that there are about 71 attempts every hour on most prominent websites. Some of the attempts are usually successful while others are not. Some attackers using the SQL injection usually delete sensitive information regarding an organization. This has a negative impact on the organization as some of the information is usually classified. The integrity of the data is usually compromised by the attack and hence reducing the reliability of the information. This has a potential of misleading the clients or the organization as a whole. The attacks are quite severe as the number of attempts keeps increasing. The situation is further worsened by the efficiency of this tool to attack different types of websites. This is thus a big challenge to the information technology sector as the attacks results to losses amounting to millions of dollars (Stavrou et al, 2009). Examples According to Lee, et al (2012), many organizations across the world have been affected by the attack by SQL injection. In June 2007, a hacker was responsible for defacing the Microsoft website in the United Kingdom through the use of the SQL injection. This problem was acknowledged by Microsoft and it led to a lot of controversies. The attack is an indication of how serious the problem is considering that Microsoft is a big organization in the information technology industry. In 2008, Kaspesrky which is one of the manufactures of the best anti-virus was also attacked using the SQL injection. This happened in Malaysia and it caused the company some financial losses. This is an indication that the attacks pose a serious challenge to the organizations that are affected by the problem. The attacks using the SQL injection has also caused a lot of harm to individuals. This was the case in 2010 when attackers used the SQL injection in China and Japan to access the credit card in formation of online customers. This resulted to the loss of money by the customers to the attackers. The government websites have also fallen victim of the attacks using the SQL injection which shows how determined the attackers are. The Indian government tourist site was once attacked using the SQL injection in 2006 leading to access of crucial information regarding the government operations in the sector. It is thus evident that the hacking problem in critical and has a lot of negative impacts on the organizations that fall victims of the attack (Clarke, 2012). Recommendations and steps to patch the vulnerability Although the problem is quite complex in nature and affects most of the organizations, it is possible to protect the websites from the attacks. The use of parameterized statements is important in terms of combating the problem. This is because the parameters have the ability of detecting any attempts and hence the prevention of the attack. Escaping the characters is also an important method of preventing the attacks from taking place. This is achieved through defining the SQL injection and thus enabling its prevention. The pattern check is also important when dealing with the problem as it enables the prevention of the attack. The pattern check ensures that the flow of information is monitored and hence eliminating any unnecessary patterns that may lead to attacks on the website. Database permission is also important for the purpose of reducing attacks. This is achieved by ensuring that the users have to log in order to gain authorized access. This plays an important role in safeguarding the available information found in the website of the company. It also minimizes the chances of attacks to a great extent. Limiting the permission for access of the website is thus important for an organization in terms of dealing with the SQL injection (Ezumalai, et al, 2009). Conclusion In conclusion, the SQL attacks have a lot of potential in terms of damaging the website of an organization. This is achieved through unauthorized access to the website of an organization. The loss of crucial information is one of the negative impacts of the attack. The vulnerability of the website plays an important role in promoting the attacks. It is thus evident that the security measures that have been put in place by the company determine whether the attacks would occur or not. It is also evident that the attackers always take advantage of the weaknesses in the websites of the company. The problem is quite severe and it has a lot of negative impacts to an organization. The negative impacts have the potential of causing losses for an organization. It is also evident that some of the prominent organizations have suffered the attacks leading to major losses. It is thus evident that no organization is safe from the attacks. However, various methods can be used to mitigate the attacks. References Clarke, J. (2012). SQL injection attacks and defense. Syngress Publishing. Ezumalai, R. et al. (2009). Combinatorial Approach for Preventing SQL Injection Attacks. In Advance Computing Conference, 2009. IACC 2009. IEEE International (pp. 1212-1217). IEEE. Hu, Y. et al. (2010). Method of defense SQL injection attacks based on sequence alignment. Jisuanji Yingyong Yanjiu, 27(9), 3525-3528. Jain, K. (2011). An Authentication Mechanism against SQL Injection on Web Platform. Kieyzun, A. (2009). Automatic creation of SQL injection and cross-site scripting attacks. In Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on (pp. 199-209). IEEE. Lam, M. et al. (2008). Automatic generation of XSS and SQL injection attacks with goal- directed model checking. In Proceedings of the 17th conference on Security symposium (pp. 31-43). USENIX Association. Lee, I. et al, (2012). A novel method for SQL injection attack detection based on removing SQL query attribute values. Mathematical and Computer Modelling, 55(1), 58-68. Stavrou, A. et al. (2009). SQLProb: a proxy-based architecture towards preventing SQL injection attacks. In Proceedings of the 2009 ACM symposium on Applied Computing (pp. 2054- 2061). ACM. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Web Application Security Term Paper Example | Topics and Well Written Essays - 1500 words, n.d.)
Web Application Security Term Paper Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/2049353-web-application-security
(Web Application Security Term Paper Example | Topics and Well Written Essays - 1500 Words)
Web Application Security Term Paper Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/2049353-web-application-security.
“Web Application Security Term Paper Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/2049353-web-application-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Web Application Security

Why I Wish to Attend Virginia Commonwealth University

The security standard in this school, as well as its proximity to my home, is all an added advantage.... Emergency telephones across the campus give me a sense of security.... I also spent much time visiting the web page www.... And I must admit that I was excited to see that independent viewpoints echoed the same things I found at the school's web page....
1 Pages (250 words) Admission/Application Essay

American's consuming unhealthy amounts of t.v., video games, and web surfing

Video Games and web Surfing It is generally acknowledged that many Americans are addicted to electronics specifically T.... Video Games and web Surfing.... Video Games and web Surfing addictions is a great burden to the overall health of persons and by extension others as well.... All addictions such as television, web surfing and video games are self-inflicted, almost entirely preventable by the afflicted yet their lack of social and personal responsibility burdens all closely associated with them including society as a whole....
2 Pages (500 words) Admission/Application Essay

Alternatives Beyond Maximizing the Security Interests of a State

The paper "Alternatives Beyond Maximizing the security Interests of a State" states that the successful claiming of position by Iran has automatically been a result of the move to attain development of regional hegemony among the members, accessing wealth and achieving nuclear superiority.... More specifically, the essay shall highlight the other alternatives that are existent in an endeavor to maximize the states' security.... The essay shall also shed light on the case of Iran and the alternatives of development of regional hegemony among the members, accessing wealth and achieving nuclear superiority, as factors that would reduce chances of war attempts in the name of securing peace and security....
4 Pages (1000 words) Admission/Application Essay

Business Continuity for the White House Security Staff

It is the duty of the security personnel and staff in the White House to make sure that there is a policy in place for the continuity and back up for the operations of the country.... The purpose of the policy is to have in place a secure and outlined way of how to handle attacks… The details of the Government plans have been kept secret due to security concerns.... Therefore business continuity of the security staff in the White House means the coordinated efforts and means by systems and personnel to make sure The purpose of the policy for business continuity for the White House security staff is to make sure that there is plan and order in the way activities are carried in and out of the House in case of an emergency....
4 Pages (1000 words) Admission/Application Essay

B_B

is a medium sized company manufacturing, automotive electrical components and supplies.... It produces a variety of automotive parts and employs a large number of administrative and managerial personnel to ensure that its operations work out smoothly and… Johnny Bennett was the founder and is the current president of the company, He used to produce only cable assemblies in his garage and coupled with great objectives and ambition, he managed to establish his company which is currently supplying auto parts to over 90 stores Kathryn Marley is the vice president of the operations and supply chain management who seeks to progress the company in the best way possible by deciding to install an MRP system....
3 Pages (750 words) Admission/Application Essay

CryptoLocker

Thus, it might be perceived that effective safeguard against malwares such as CryptoLocker will get developed in future depending upon the rate of development in the area of information technology security.... web.... web.... CryptoLocker, in technical terms, can be described as a form of malware code, which uses the conceptions of encryption and decryption for harassing the victims....
2 Pages (500 words) Admission/Application Essay

What Does the Russian Meteorite Tell Us About Surveillance Culture

ntil recently, surveillance was a preserve of governments that used surveillance through satellites, street camera and security camera in buildings.... The security enforcement agencies use recordings from surveillance cameras to identify criminal activities and possible track down the criminals.... In fact, security cameras form the majority of surveillance equipment.... web.... web....
2 Pages (500 words) Admission/Application Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us