IIUM Repository

A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks

Diallo, Abdoulaye Kindy and Pathan, Al-Sakib Khan (2013) A walk through SQL injection: vulnerabilities, attacks, and countermeasures in current and future networks. In: Building Next-Generation Converged Networks: Theory and Practice. CRC Press, USA. ISBN 9781466507616

PDF (Book Chapter, Accepted and to Appear) - Accepted Version
Restricted to Registered users only


Abstract

Quite a number of new technologies and concepts have emerged lately, and they are yet to be fully absorbed by the growing market. The concepts range from the architectural evolutions in telecommunications and access networks known as Next Generation Networks (NGNs) to other technologies such as Pervasive/Ubiquitous Computing, Future Internet, Internet of Things (IoT), Cloud Computing, Green Computing, and the like. All these inventions and concepts deal more or less with data (or information). In most cases, we cannot talk about data without relating it to its containers, i.e., the databases that store it. Talking about databases means dealing with their contents (SELECT, UPDATE, DELETE, DROP, etc.), which is where the threat of SQL Injection attacks comes forward. From individual adoption to a complete nation's scenario (e-Governance), Internet technology has gone through very rapid growth recently, and its adoption is moving faster than ever before. Billions of transactions are done online today via a wide range of Internet technologies. However, this does not mean that our online business and transactions are secure from potential threats. On the contrary, most studies show that emerging threats are increasing exponentially. On several consecutive occasions, SQL Injection has been categorized among the top-10 vulnerabilities experienced by Web applications. Prior to any communication with the backend database, a user has to be identified. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection (using SQL Injection statements) gives access to unauthorized users. In this chapter, we present a walk through SQL Injection vulnerabilities, attacks, and their prevention techniques in current and future networks.
It is very likely that the threats of SQL Injection will remain almost the same as at present for next-generation and future networks. Innovative tactics of using SQL Injection pose a constant headache for security experts. Hence, alongside presenting our findings from a comprehensive study of the past and present, we also note future expectations and possible developments of countermeasures against SQL Injection attacks.

Item Type: Book Chapter
Additional Information: 6481/25295
Uncontrolled Keywords: SQL
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Dr. Al-Sakib Khan Pathan
Date Deposited: 31 Dec 2012 13:33
Last Modified: 29 Apr 2014 14:24
URI: http://irep.iium.edu.my/id/eprint/25295
