Chapter 1: Introduction

Network-based operations are now an essential part of human activity. Web application is a set of rules and taken against web services bluffs. Many day-to-day tasks are now web-based. Web applications have become a widely accepted platform for a wide range of services such as webmail, online access, government websites, online retail sales, and many others. They provide a convenient gateway to databases via the Internet. The growing use of web services has increased the number of attacks on the web. Many kinds of attack are found in web applications, but the SQL injection attack is the most dangerous and challenging one for web applications [1].

Web applications are the backbone of today's business and serve as a platform for a wide range of services that provide online access. Their use has become increasingly common in daily life, for example for reading newspapers or making online payments for shopping. Web applications accept data from users. This data is retrieved from the database through queries. A web application may hold sensitive and confidential data stored in a database. Websites and services are especially at risk because of their universal exposure and their extensive use of the firewall-friendly HTTP protocol. Web applications offer a convenient way to access the database through the Internet and so provide the required service to customers, but unfortunately these advantages have come with a number of security vulnerabilities caused by improper code. According to OWASP (Open Web Application Security Project), the SQL injection attack is the topmost risk associated with web applications.

Today, all work is done online, thanks to the flexibility and portability of web applications. The data is stored in databases that can be accessed anywhere and at any time through a network. These databases are built on the basis of Codd's principles and use SQL ("sequel") to interact with the external environment. All web applications depend on the Internet; examples include online banking, university admissions, shopping, and various government activities. These activities are therefore a key component of today's Internet infrastructure. Web applications such as financial applications, healthcare applications, and government websites interact with the backend database many times to serve client requests and responses. If the security of such web applications is compromised, the result is financial, informational, ethical, and legal consequences for the web application [2].

1.1 Overview of SQL Injection Attack

Structured Query Language (SQL) is a high-level language used in database management systems (DBMSs). SQL was originally developed in the early 1970s by Edgar F. Codd at IBM. It allows the user to modify, delete, or simply access data. The query is the unit of execution in SQL; it returns a set of rows and columns that satisfy the condition specified in the query. The SQL injection attack is currently a popular method of hacking or cracking. During this attack, the attacker is able to create, read, update, alter, or destroy data stored in the database. This type of attack allows the attacker to transform the original SQL query into a number of malicious statements that run against the database, in order to obtain sensitive information or to destroy information in the database. In a SQL injection attack, the attacker enters malicious code into an ordinary user-input field of the web application to gain access authorization and unrestricted resources. A malicious attacker can extract hidden information, modify it, or even destroy all the data stored in a back-end database. SQL injection exploits a security vulnerability at the database layer. It is a straightforward technique in which attackers insert SQL code into the original code sent to the database in order to fetch sensitive data or to destroy it entirely [15].

SQL injection is a type of web-based attack in which the attacker injects SQL commands at the entry points of a web application to gain authorization to the database. SQL databases are attractive targets because they often contain valuable information, for example usernames, passwords, email IDs, credit card details, and personal data. The SQL injection attack is one of the most popular attacks used in system hacking or cracking. A web application can be harmed by a SQL injection attack: using it, the attacker can obtain information or gain unauthorized access to the system. The maximum damage is caused when attackers gain control over the web application.
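The mechanism described above, as an added example that is not taken from the book: the same login check written once by pasting field values into the SQL text and once with bound parameters. The table, function names, accounts, and the injected field value are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts.
    (Plaintext passwords are used only to keep the demo short.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "wonderland"), ("bob", "builder")])
    return conn

def login_concat(conn, username, password):
    """Vulnerable: field values are pasted into the SQL text, so quote
    characters in the input become part of the query's grammar."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_param(conn, username, password):
    """Hardened: the SQL text is fixed; inputs are bound as data only."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

# Constructed field value: it closes the string literal early and appends
# a condition that is always true, changing the query's WHERE clause.
INJECTED = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    for fn in (login_concat, login_param):
        print(fn.__name__, "normal   ->", fn(conn, "alice", "wonderland"))
        print(fn.__name__, "injected ->", fn(conn, "alice", INJECTED))
```

With the concatenated query the injected value matches every row in the table; with bound parameters it is compared as an ordinary password string and matches nothing.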

The type of attack that allows the attacker to alter the original SQL query by adding injected SQL code in the input fields is known as a SQL injection attack. SQL injection attacks are nothing but the injection of malicious queries by hackers into

Imprint

Publisher: BookRix GmbH & Co. KG

Publication date: 04.06.2019
ISBN: 978-3-7487-0630-4

All rights reserved
