SQL-injections: an overview of potential protection methods

  • Юрій Попов V. N. Karazin Kharkiv National University
  • Сабіна Рузудженк V. N. Karazin Kharkiv National University https://orcid.org/0000-0002-1749-5762
  • Карина Погоріла V. N. Karazin Kharkiv National University
Keywords: SQL-injection, Databases, SQL attacks

Abstract

This work gives a brief review of well-known hacking techniques against programs and websites that work with databases. Based on a comprehensive analysis of the main types of SQL attacks, the most serious threats are identified. They include in-band, blind and out-of-band SQL injections. An out-of-band SQL attack is considered the most dangerous because of the combination of its characteristics. Attention is also paid to the need for periodic testing and monitoring, which is a current method of protection against SQL injections. It is emphasized that the best testing method is subjecting the code itself to SQL injection. The protection methods reviewed can increase the overall security of software products against attacks such as SQL injection, and ensure the correct functionality of applications and the integrity of user data.
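As an added illustration of the abstract's two points (the in-band injection class and the value of testing code against injection), the following Python example is not part of the paper. It builds a constructed in-memory SQLite table, shows a lookup that concatenates user input into the SQL string next to the same lookup written with a bound parameter, and wraps the comparison in a small regression check of the kind a periodic test suite could run; the table contents, function names and the probe string are all assumptions made for the example.

```python
import sqlite3

# Constructed sample data for the example (not from the paper).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Assumed probe string: no real user has this name, so any row returned
# for it means the quote character escaped the string literal.
TAUTOLOGY_PROBE = "x' OR '1'='1"


def make_db():
    """Create an in-memory users table populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the input is spliced into the SQL text, so a quote in it
    terminates the literal and the remainder is parsed as SQL (in-band injection)."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, name):
    """Hardened form: a placeholder is used and the driver passes the value
    separately, so quotes inside it are data and never part of the query."""
    query = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(query, (name,)))


def is_injectable(lookup):
    """Regression check for a test suite: a lookup is flagged if the probe
    name, which matches no real user, still returns rows."""
    conn = make_db()
    try:
        return lookup(conn, TAUTOLOGY_PROBE) != []
    except sqlite3.Error:
        # A syntax error from the probe also shows the input reached the parser.
        return True
    finally:
        conn.close()


def demo():
    """Run both lookups on a benign name and on the probe; returns a dict of results."""
    conn = make_db()
    results = {
        "vuln_benign": lookup_vulnerable(conn, "bob"),
        "vuln_probe": lookup_vulnerable(conn, TAUTOLOGY_PROBE),
        "safe_benign": lookup_parameterized(conn, "bob"),
        "safe_probe": lookup_parameterized(conn, TAUTOLOGY_PROBE),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    print("vulnerable lookup injectable:", is_injectable(lookup_vulnerable))
    print("parameterized lookup injectable:", is_injectable(lookup_parameterized))
```

The concatenating lookup returns every row for the probe because the condition collapses to a tautology, while the parameterized lookup returns nothing for it and the same single row for the benign name; `is_injectable` packages that difference so it can be run on every build as the periodic test the abstract recommends.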

Author Biographies

Юрій Попов, V. N. Karazin Kharkiv National University

Computer science student

Сабіна Рузудженк, V. N. Karazin Kharkiv National University

Computer science student

Карина Погоріла, V. N. Karazin Kharkiv National University

Computer science student

Published
2019-12-29
How to Cite
Попов, Ю., Рузудженк, С., & Погоріла, К. (2019). SQL-injections: an overview of potential protection methods. Computer Science and Cybersecurity, (3), 22-26. https://doi.org/10.26565/2519-2310-2019-3-03
Section
Articles