SQL Injection

SQL Injection is one of the most common threats to a database system. Some of the other attacks on databases that are quite frequent are:-
  1. Unauthorized privilege escalation- This attack is characterized by an individual attempting to elevate his or her privilege by attacking vulnerable points in the database systems.
  2. Privilege abuse- While the previous attack is done by an unauthorized user, this attack is performed by a privileged user. For example, an administrator who is allowed to change student information can abuse that privilege to update student grades without the instructor's permission.
  3. Denial of service- It is an attempt to make resources unavailable to their intended users. It is a general attack category in which access to network applications or data is denied to intended users by overflowing the buffer.
  4. Weak Authentication- If the user authentication scheme is weak, an attacker can impersonate a legitimate user by obtaining their login credentials.

SQL Injection Methods

In an injection attack, the attacker injects a string input through the application, which changes or manipulates the SQL statements to the attacker's advantage. An SQL Injection attack can harm the database in various ways, such as unauthorized manipulation of the database or retrieval of sensitive data. It can also be used to execute system-level commands that may cause the system to deny service to the application. The types of injection attacks are:-
  • SQL Manipulation
  • Code Injection
  • Function call Injection
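
The statement rewriting described above, shown as an added example (not code from the original page): a login check built by string concatenation beside the same check using bound parameters, run against an in-memory SQLite database. The table, account, function names and input values are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account.
    (Plaintext password only to keep the example short.)"""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def build_concatenated(name, password):
    """Vulnerable: user input is spliced into the SQL text itself,
    so quote characters in the input can change the statement."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concatenated(db, name, password):
    return db.execute(build_concatenated(name, password)).fetchall()

def login_parameterized(db, name, password):
    """Hardened: the SQL text is fixed; input is bound as data and
    is never parsed as part of the statement."""
    return db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchall()

# Constructed input: closes the string literal and appends a condition
# that is always true.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause now ends in: ... AND password = 'x' OR '1'='1'
    print(build_concatenated("alice", CRAFTED))
    # Concatenated query matches a row although the password is wrong.
    print(login_concatenated(db, "alice", CRAFTED))
    # Parameterized query compares the whole input to the stored value.
    print(login_parameterized(db, "alice", CRAFTED))
    # The legitimate login still works.
    print(login_parameterized(db, "alice", "correct-horse"))
```
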

Risks Associated with SQL Injection

SQL Injection is harmful and the risks associated with it provide motivation for attackers. Some of the risks associated with SQL Injection attacks are:-
  • Database Fingerprinting
  • Denial of Service
  • Bypassing Authentication
  • Identifying Injectable Parameters
  • Executing Remote Commands
  • Performing Privilege Escalation
