- Volume 12 Issue 1
SQL Injection techniques were disclosed as a web hacking method years ago, but they are still classified as the most dangerous attacks. In recent web programming, using a DBMS for efficient storage and retrieval of data is essential. PHP, JSP, ASP and scripting languages are mainly used to interact with the DBMS. In such web environments, an application that does not validate a client's invalid input may produce an abnormal SQL query. These abnormal queries can bypass user authentication or expose data stored in the database. In an environment with an SQL Injection vulnerability, an attacker can pass web-based username and password authentication and access data stored in the database. A number of methods have been announced as measures against SQL Injection. But relying on any single one of these methods can leave security holes. The proposed four-level approach is composed of the source code, operational phases, database, server management side and user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response model, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.
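The authentication bypass described in the abstract, shown beside a login that combines two of the named levels (source code and user input validation). This is an added example, not code from the paper: it uses Python with an in-memory SQLite database instead of PHP, JSP or ASP, and the table, account, function names and sample input are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample input: a quote character that rewrites the WHERE clause.
ABNORMAL_INPUT = "' OR '1'='1"

def make_db():
    # Constructed data: one account in an in-memory database.
    # Plaintext passwords keep the example short; real systems store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret-pw')")
    return db

def login_vulnerable(db, username, password):
    # Client input is pasted into the SQL text, so a quote in the input
    # changes the structure of the query instead of being compared as data.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def login_hardened(db, username, password):
    # Level: user input validation. Reject names outside an allow-list
    # and oversized passwords before any query is built.
    if not USERNAME_RE.fullmatch(username) or len(password) > 128:
        return False
    # Level: source code. Placeholders bind input as values, never as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0

def compare(db):
    # Returns (vulnerable result, hardened result) for the abnormal input.
    return (login_vulnerable(db, "alice", ABNORMAL_INPUT),
            login_hardened(db, "alice", ABNORMAL_INPUT))

if __name__ == "__main__":
    print(compare(make_db()))
```

Either check alone would stop this particular input; keeping both reflects the abstract's point that relying on a single method leaves holes.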
Supported by: Korea Sanhak Foundation (산학협동재단)