Information Systems Security

Sorry, this product is not currently available to order

Here are some other products you might consider...

Information Systems Security

Name: Information Systems Security
SKU: 10072185
Price: 134.99 AUD
Availability: SoldOut

6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010

Format:

Paperback / softback

Series:

Security and Cryptology

Show Hide Adult Content

Unavailable

Sorry, this product is not currently available to order

Description

2.1 Web Application Vulnerabilities Many web application vulnerabilities havebeenwell documented andthemi- gation methods havealso beenintroduced [1]. The most common cause ofthose vulnerabilities isthe insu?cient input validation. Any data originated from o- side of the program code, forexample input data provided by user through a web form, shouldalwaysbeconsidered malicious andmustbesanitized before use.SQLInjection, Remote code execution orCross-site Scriptingarethe very common vulnerabilities ofthattype [3]. Below isabrief introduction toSQL- jection vulnerability though the security testingmethodpresented in thispaper is not limited toit. SQLinjectionvulnerabilityallowsanattackertoillegallymanipulatedatabase byinjectingmalicious SQL codes into the values of input parameters of http requests sentto the victim web site. 1: Fig.1. An example of a program written in PHP which contains SQL Injection v- nerability Figure 1 showsaprogram that uses the database query function mysql query togetuserinformationcorrespondingtothe userspeci?edby the GETinput- rameterusername andthen printtheresultto the clientbrowser.Anormalhttp request with the input parameter username looks like "http://example. com/ index.php?username=bob". The dynamically created database query at line2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". Thisprogram is vulnerabletoSQLInjection attacks because mysql query uses the input value of username without sanitizingmalicious codes. A malicious code can be a stringthatcontains SQL symbols ork- words.Ifan attacker sendarequest with SQL code ('alice'-') - jected "http://example.com/index.php?username=alice'-", the query becomes "SELECT* FROM users WHERE username='alice'--' AND usertype='user'".

Release date Australia

December 2nd, 2010

Audience

Professional & Vocational

Contributors

Edited by Anish Mathuria
Edited by Somesh Jha

Illustrations

60 Illustrations, black and white; XIV, 261 p. 60 illus.

Pages

261

Series

Security and Cryptology

Dimensions

155x234x15

ISBN-13

9783642177132

Product ID

10072185

Customer reviews

Nobody has reviewed this product yet. You could be the first!

Write a Review

Marketplace listings

There are no Marketplace listings available for this product currently.
Already own it? Create a free listing and pay just 9% commission when it sells!

Sell Yours Here

Get free delivery, exclusive deals, and more^*

Computers & Internet Books:

Information Systems Security

Sorry, this product is not currently available to order

Information Systems Security

Format:

Series:

Description

Customer reviews

Marketplace listings

Help & options

Filed under...

Get free delivery, exclusive deals, and more*

Information Systems Security

Sorry, this product is not currently available to order

Get free delivery, exclusive deals, and more^*