A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks
Main Authors: | , |
---|---|
Format: | Book Chapter |
Language: | English |
Published: | CRC Press, USA, 2013 |
Subjects: | |
Online Access: | http://irep.iium.edu.my/25295/ http://irep.iium.edu.my/25295/1/6-Chapter-checked1_Update_april.pdf |
Summary: | Quite a number of new technologies and concepts have emerged lately, and they are yet to be fully absorbed by the growing market. The concepts range from the architectural evolutions in telecommunications and access networks known as Next Generation Networks (NGNs) to other technologies such as Pervasive/Ubiquitous Computing, Future Internet, Internet of Things (IoT), Cloud Computing, Green Computing, and the like. All these inventions and concepts deal more or less with data (or information). In most cases, we cannot talk about data without relating it to its containers, i.e., the databases (data storage) that store it. Talking about databases means dealing with operations on their contents (SELECT, UPDATE, DELETE, DROP, etc.), which is where the threat of SQL Injection attacks arises. From individual adoption to a complete nation's scenario (e-Governance), Internet technology has gone through very rapid growth recently, and its adoption is moving faster than ever before. Billions of transactions are done online today via a wide range of Internet technologies. However, this does not mean that our online business and transactions are secure from potential threats. On the contrary, most studies show that emerging threats are increasing exponentially. Several consecutive times, SQL Injection has been categorized among the top 10 Web application vulnerabilities. Prior to any communication with the backend database, a user has to be identified. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection (using SQL Injection statements) gives access to unauthorized users.
In this chapter, we present a walk through SQL Injection vulnerabilities, attacks, and their prevention techniques in current and future networks. It is very likely that the threat of SQL Injection will remain much the same in next-generation and future networks as it is today. Innovative tactics for using SQL Injection pose a constant headache for security experts. Hence, alongside presenting our findings from a comprehensive study of the past and present, we also note future expectations and the possible development of countermeasures against SQL Injection attacks.
|