
SQL INJECTION ATTACKS AND VULNERABILITIES

Ionel Iacob (Romanian-American University, Bucharest, Romania) and Mironela Pirnau (Titu Maiorescu University, Bucharest, Romania)

Journal of Information Systems & Operations Management, 2020, vol. 14, issue 1, 68-81

Abstract: SQL Injection is a code injection technique that exploits a set of vulnerabilities in the database security of an application's computing structure; its main cause is the incorrect filtering or handling of data supplied by a user. These attacks include queries to the operating system through system calls, the execution of external programs through shell commands, and queries to back-end databases using SQL code. By embedding malicious SQL commands in the content of a parameter, the attacker can trick the application into sending a malicious query to the database. SQL Injection is considered an attack technique against security and vulnerability with a high (negative) risk of impact and serious consequences, both professional and personal. The severity of SQL Injection attacks is limited by the skill and imagination of the attacker and, to a lesser extent, by defense-in-depth countermeasures such as connecting to the database server with reduced privileges. From the OWASP (Open Web Application Security Project) perspective on security against SQL Injection attacks, the validation of all input and output data, the debugging of all errors generated by the application, and the use of roles and permissions in the database are recommended. SQL Injection is the vulnerability in which the attacker attempts to introduce fragments of SQL code into the application's input fields, which are then sent on to the database server. A successful attack would give the attacker access to both the database server and the files of the system. SQL Injection attacks may be classified according to criteria such as the channel through which data is obtained, the responses obtained from the server, the manner in which the server responds, the point of impact, etc.

Date: 2020

Download (PDF): http://www.rebe.rau.ro/RePEc/rau/jisomg/SU20/JISOM14.12020_68-81.pdf



Persistent link: https://EconPapers.repec.org/RePEc:rau:jisomg:v:14:y:2020:i:1:p:68-81


Journal of Information Systems & Operations Management is published by the Romanian-American University; bibliographic data for the series is maintained by Alex Tabusca.
