ANALYSIS OF STATIC METHODS OF DEFENSE AGAINST SQL INJECTION
PDF (Polish)

Keywords

databases
security
vulnerability
sqlmap

Abstract

The article presents an analysis of SQL Injection vulnerabilities. The work begins with a presentation of the characteristics of the attack, analyzed in the context of databases. Databases, despite their key role in the infrastructure of many kinds of systems, are characterized by an insufficient level of security, which in turn can lead to serious losses. The main threat is SQL Injection attacks, for which there are currently no external defense mechanisms. To address this, there is a solution that increases the security of database systems, involving the proper preparation of the code that supports dynamic database queries. Tests have shown high effectiveness of protection against currently known SQL Injection attacks. The article is aimed at database administrators, in particular of Web services.

https://doi.org/10.7862/re.2016.9
