Skip to content

Booksellers & Trade Customers: Sign up for online bulk buying at trade.atlanticbooks.com for wholesale discounts

Booksellers: Create Account on our B2B Portal for wholesale discounts

Information Systems Security: 6th International Conference, Iciss 2010, Gandhinagar, India, December 17-19, 2010

by Somesh Jha , Anish Mathuria
Save 17% Save 17%
Current price ₹5,700.00
Original price ₹6,840.00
Original price ₹6,840.00
Original price ₹6,840.00
(-17%)
₹5,700.00
Current price ₹5,700.00

Imported Edition - Ships in 18-21 Days

Free Shipping in India on orders above Rs. 500

Request Bulk Quantity Quote
+91
Book cover type: Paperback
  • ISBN13: 9783642177132
  • Binding: Paperback
  • Subject: N/A
  • Publisher: Springer
  • Publisher Imprint: Springer
  • Publication Date:
  • Pages: 261
  • Original Price: USD 54.99
  • Language: English
  • Edition: 2010
  • Item Weight: 418 grams
  • BISAC Subject(s): Security / Network Security

2.1 Web Application Vulnerabilities Many web application vulnerabilities havebeenwell documented andthemi- gation methods havealso beenintroduced [1]. The most common cause ofthose vulnerabilities isthe insu?cient input validation. Any data originated from o- side of the program code, forexample input data provided by user through a web form, shouldalwaysbeconsidered malicious andmustbesanitized before use.SQLInjection, Remote code execution orCross-site Scriptingarethe very common vulnerabilities ofthattype [3]. Below isabrief introduction toSQL- jection vulnerability though the security testingmethodpresented in thispaper is not limited toit. SQLinjectionvulnerabilityallowsanattackertoillegallymanipulatedatabase byinjectingmalicious SQL codes into the values of input parameters of http requests sentto the victim web site. 1: Fig.1. An example of a program written in PHP which contains SQL Injection v- nerability Figure 1 showsaprogram that uses the database query function mysql query togetuserinformationcorrespondingtothe userspeci?edby the GETinput- rameterusername andthen printtheresultto the clientbrowser.Anormalhttp request with the input parameter username looks like http: //example.com/ index.php?username=bob . The dynamically created database query at line2 is SELECT * FROM users WHERE username= bob AND usertype= user . Thisprogram is vulnerabletoSQLInjection attacks because mysql query uses the input value of username without sanitizingmalicious codes. A malicious code can be a stringthatcontains SQL symbols ork- words.Ifan attacker sendarequest with SQL code ( alice ) - jected http: //example.com/index.php?username=alice, the query becomes SELECT* FROM users WHERE username= alice -- AND usertype= user ."

Trusted for over 49 years

Family Owned Company

Secure Payment

All Major Credit Cards/Debit Cards/UPI & More Accepted

New & Authentic Products

India's Largest Distributor

Need Support?

Whatsapp Us