Detect And Mitigate SQL Injection By Experiment Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This project explores the methods used to attack, detect and defend database systems, with the aim of producing a series of recommendations in the form of a security policy. This could then be used by IT professionals to secure their applications and database systems. The main focus of this project is investigating SQL injection and other threats faced by database administrators.

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
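The mechanism described above, shown next to the parameterized form that defeats it. This is an added example, not code from the essay; it assumes SQLite (Python's built-in `sqlite3`) as a stand-in for SQL Server, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, city TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "Redmond"), (2, "Leeds"), (3, "Oslo")])
    return db

def find_concatenated(db, city):
    """Vulnerable: user input is spliced into the SQL text."""
    sql = "SELECT id FROM orders WHERE city = '" + city + "' ORDER BY id"
    return sql, [r[0] for r in db.execute(sql)]

def find_parameterized(db, city):
    """Hardened: the value travels separately from the statement text."""
    sql = "SELECT id FROM orders WHERE city = ? ORDER BY id"
    return sql, [r[0] for r in db.execute(sql, (city,))]

# Constructed input: closes the string literal early, adds a condition,
# then uses the comment mark so the trailing "' ORDER BY id" is ignored.
CRAFTED = "Leeds' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    for fn in (find_concatenated, find_parameterized):
        for value in ("Leeds", CRAFTED):
            sql, ids = fn(db, value)
            print(f"{fn.__name__:20} {value!r:22} -> {ids}\n    {sql}")
```

With the concatenated query the crafted value changes the statement's structure and every row is returned; with the bound parameter it is compared as a literal city name and matches nothing.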

The detection of SQL injection attacks has primarily been accomplished through pattern matching techniques against signatures and keywords known to be malicious. Until recently, these techniques have been successful. Now attackers are hiding their malicious intent in a variety of ways to escape detection. These attempts to escape detection require new technology and techniques in order to be discovered and stopped before reaching critical systems and causing the exposure or destruction of corporate data.

Despite SQL injection's well-earned reputation as a relatively common and dangerous SQL Server attack vector, there are several ways to protect against this type of attack. The first, and most obvious, is to ensure that Web applications properly validate user-supplied input. Input can be filtered so that only known good input is accepted, known bad input could be stripped out, bad input could be escaped, and finally, bad input could be rejected entirely. Often a combination of these approaches is the best solution.

The idea behind allowing only known good input is defining a set of permitted characters for each data type used by the application. A telephone number input field, for example, would only accept the digits 0 to 9; a surname field should only contain upper- or lowercase letters from A to Z. The application could also be programmed to reject SQL keywords such as select or exec. Care should be taken to ensure that all possible keywords are included. A filter checking for the select keyword could be bypassed by alternative encodings:
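The "known good input" approach for the telephone and surname fields named above, as an added example that is not part of the original essay. The field names, the length bounds and the sample submissions are assumptions constructed for illustration.

```python
import re

# Allow-list per field: the permitted character set from the text, plus
# length bounds (the bounds are assumptions added for this example).
RULES = {
    "telephone": re.compile(r"[0-9]{5,15}"),
    "surname": re.compile(r"[A-Za-z]{1,40}"),
}

def validate(field, value):
    """Return value unchanged if it matches the field's allow-list, else raise."""
    rule = RULES.get(field)
    if rule is None:
        raise KeyError(f"no allow-list defined for field {field!r}")
    # fullmatch anchors both ends; re.match with '$' would accept a
    # trailing newline, and \d or str.isdigit() would accept non-ASCII digits.
    if not isinstance(value, str) or rule.fullmatch(value) is None:
        raise ValueError(f"{field}: input rejected")
    return value

def validate_form(form):
    """Validate every submitted field; return (accepted, rejected_field_names)."""
    accepted, rejected = {}, []
    for field, value in form.items():
        try:
            accepted[field] = validate(field, value)
        except (KeyError, ValueError):
            rejected.append(field)
    return accepted, sorted(rejected)

# Constructed sample submissions.
SAMPLES = [
    {"telephone": "01632960123", "surname": "Smith"},
    {"telephone": "01632960123\n", "surname": "Smith"},
    {"telephone": "٠١٦٣٢٩٦٠", "surname": "Smith"},
    {"telephone": "0163296", "surname": "Smith' --"},
    {"telephone": "0163296", "surname": "Smith", "debug": "1"},
]

if __name__ == "__main__":
    for form in SAMPLES:
        print(validate_form(form))
```

A letters-only surname rule also rejects legitimate names containing apostrophes or hyphens, which is one reason validation is combined with parameterized queries rather than relied on alone.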


The key objectives for this project are:

To study and examine the complete SQL injection threat analysis.

To demonstrate the methods and their complete process of SQL Injection.

To examine the methods of identifying attacks of SQL Injection on a database web application.

To evaluate the preventative technologies from SQL Injection attacks.

Construct and test a security policy.

- How the Objectives will be achieved

To understand the scope of a threat surface, all segments of the control system, with emphasis on entry points, will be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This project will facilitate an understanding of what SQL injection is and why it is a significant threat to control system environments.

To give a brief view of all types of SQL injection, including First Order Attack, Second Order Attack, Literal Attack, Blind SQL Injection, Cross-site Scripting and Escape String SQL Injection etc., their complete processes will be implemented by coding examples.

Methods of identifying SQL injection attacks on the database application will be examined using different techniques. For example, routine application database audits should be used to determine whether the application has been compromised. Querying the database for common HTML tags used by worms can reveal signs that the application is spreading malware. Many other techniques will be described in this project.
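One way to run the database audit described above, as an added example that is not part of the original essay. It assumes SQLite as a stand-in for the application database; the list of tags, the table names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Tags to look for are an assumption of this example; the essay does not list them.
SUSPECT_TAGS = ("<script", "<iframe")

def audit_html_tags(db, tags=SUSPECT_TAGS):
    """Scan every column of every user table for stored HTML tags.

    Returns sorted (table, column, rowid, tag) tuples for each hit.
    """
    hits = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' "
        "AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # Identifiers come from the catalogue, not from users; quote them anyway.
        qt = '"' + table.replace('"', '""') + '"'
        cols = [r[1] for r in db.execute(f"PRAGMA table_info({qt})")]
        for col in cols:
            qc = '"' + col.replace('"', '""') + '"'
            for tag in tags:
                # instr() on lower() gives a case-insensitive substring match;
                # the tag itself is bound as a parameter.
                rows = db.execute(
                    f"SELECT rowid FROM {qt} "
                    f"WHERE instr(lower(CAST({qc} AS TEXT)), ?) > 0", (tag,))
                hits.extend((table, col, r[0], tag) for r in rows)
    return sorted(hits)

def make_sample_db():
    """Constructed data: one clean row, two rows with appended markup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, descr TEXT)")
    db.execute("CREATE TABLE news (title TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [
        ("Kettle", "1.7 litre, steel"),
        ("Toaster", 'Two slot<SCRIPT src="//placeholder.invalid/x.js"></SCRIPT>'),
    ])
    db.execute("INSERT INTO news VALUES (?)",
               ('Sale<iframe src="//placeholder.invalid/"></iframe>',))
    return db

if __name__ == "__main__":
    for hit in audit_html_tags(make_sample_db()):
        print(hit)
```

Columns that legitimately store HTML will produce hits too, so results need review against what each column is expected to hold.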

Eliminating SQL injection vulnerabilities in a web application is the best approach to fight worms. Performing full application security audits can determine the presence of vulnerabilities in the systems. These penetration tests mimic an attacker by utilizing many of the same tools and techniques to identify weaknesses. On the other hand, various commercial and free automated tools such as SQL Inject-Me are able to detect the presence of SQL injection vulnerabilities in web applications.

To ensure that security is built into the web application, a security policy will be constructed for it. Such policies are mandated for compliance with many regulations, such as Sarbanes-Oxley, to demonstrate that "due diligence" has been taken in safeguarding application security and information policy. Once the security policy is constructed, it will be implemented to test and verify whether the security mechanisms operate correctly. This will be done through penetration testing, which involves manually or automatically trying to mimic an attacker's actions to check whether any tested scenarios result in security breaches.