Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010

Author:   Somesh Jha ,  Anish Mathuria
Publisher:   Springer-Verlag Berlin and Heidelberg GmbH & Co. KG
Edition:   2010 ed.
Volume:   6503
ISBN:   9783642177132
Pages:   261
Publication Date:   02 December 2010
Format:   Paperback

Overview

"2.1 Web Application Vulnerabilities

Many web application vulnerabilities have been well documented and the mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is the insufficient input validation. Any data originated from outside of the program code, for example input data provided by user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, Remote code execution or Cross-site Scripting are the very common vulnerabilities of that type [3]. Below is a brief introduction to SQL Injection vulnerability though the security testing method presented in this paper is not limited to it.

SQL injection vulnerability allows an attacker to illegally manipulate database by injecting malicious SQL codes into the values of input parameters of http requests sent to the victim web site.

Fig. 1. An example of a program written in PHP which contains SQL Injection vulnerability

Figure 1 shows a program that uses the database query function mysql_query to get user information corresponding to the user specified by the GET input parameter username and then print the result to the client browser. A normal http request with the input parameter username looks like "http://example.com/index.php?username=bob". The dynamically created database query at line 2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious codes. A malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with SQL code ('alice'--') injected "http://example.com/index.php?username=alice'--", the query becomes "SELECT * FROM users WHERE username='alice'--' AND usertype='user'"."

Full Product Details

Author:   Somesh Jha ,  Anish Mathuria
Publisher:   Springer-Verlag Berlin and Heidelberg GmbH & Co. KG
Imprint:   Springer-Verlag Berlin and Heidelberg GmbH & Co. K
Edition:   2010 ed.
Volume:   6503
Dimensions:   Width: 15.50cm , Height: 1.50cm , Length: 23.40cm
Weight:   0.422kg
ISBN:   9783642177132
ISBN 10:   3642177131
Pages:   261
Publication Date:   02 December 2010
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Active