Abstract
The use of web applications gives production and business processes new qualities, chiefly high business mobility, availability of services, continuity of business processes, and scalability of the resulting effect. Given these circumstances, ensuring information security during the processing and storage of personalized and "sensitive" corporate information retains the highest priority and is an extremely relevant area of activity, both for specialists in the relevant divisions of companies (information security departments and services) and for specialists in the field of information security. SQL injection is one of the most common techniques for hacking applications and websites that work with various databases. The attack is, as a rule, carried out by introducing incorrect SQL statements into various types of requests, which allows the attacker to gain almost complete unauthorized access to the corresponding database and local files, as well as the ability to remotely execute arbitrary operations on the server. SQL attacks are often the result of unescaped input being passed to a site and used as part of a database query. The article provides a brief overview of known techniques for hacking applications and websites that work with databases. Based on an analysis of the main types of SQL attacks, the most serious types of threats are identified. Attention is drawn to the need for periodic testing and monitoring of websites, which is a relevant means of protection against SQL injection. The best testing method is noted to be an attempt to subject the code to SQL injection. The protection methods considered can increase the overall level of security of software products against attacks of the "SQL injection" type and ensure the correct operation of applications and the integrity of user data.
The use of methods and means of testing web applications for resistance to denial-of-service (DoS) attacks is also considered. The approach presented in the article makes it possible to identify vulnerabilities and potential threats that attackers can use to gain unauthorized access to web resources.