ANALYSIS OF THE PROBLEM OF SQL-INJECTIONS IN WEB APPLICATIONS
The use of web applications endows production and business processes with new qualities, primarily high business mobility, availability of services, continuity of business processes, scalability of the resulting effect, etc. Given these circumstances, ensuring information security during the processing and storage of personalized and "sensitive" corporate information retains the highest priority and remains an extremely relevant area of activity, both for specialists in the relevant company divisions (information security departments and services) and for specialists in the field of information security. SQL injection is one of the most common techniques for hacking applications and websites that work with various databases. As a rule, the attack is carried out by introducing incorrect SQL operators into various types of requests, which allows the attacker to gain almost complete unauthorized access to the corresponding database and local files, as well as the ability to remotely execute arbitrary operations on the server. Additionally, SQL attacks are often the result of unescaped input being passed to a site and used as part of a database query. The article provides a brief overview of known techniques for hacking applications and websites that work with databases. Based on an analysis of the main types of SQL attacks, the most serious types of threats were identified. Attention is drawn to the need for periodic testing and monitoring of websites, which is a relevant means of protection against SQL injections. It is noted that the best testing method is an attempt to subject the code to SQL injection. The protection methods considered can increase the overall level of security of software products against SQL injection attacks and ensure the correct operation of applications and the integrity of user data.
The use of methods and means of testing web applications for resistance to denial-of-service (DoS) attacks is also considered. The approach presented in the article makes it possible to identify vulnerabilities and potential threats that attackers can use for unauthorized access to web resources.
Borys Grinchenko Kyiv Metropolitan University

