  • DocumentCode
    2171425
  • Title
    A Misuse Pattern for Retrieving Data from a Database Using SQL Injection
  • Author
    Fernandez, Eduardo B. ; Alder, E. ; Bagley, R. ; Paghdar, S.
  • Author_Institution
    Dept. of Electr. & Comput. Eng. & Comput. Sci., Florida Atlantic Univ., Boca Raton, FL, USA
  • fYear
    2012
  • fDate
    14-16 Dec. 2012
  • Firstpage
    127
  • Lastpage
    131
  • Abstract
    SQL injection attacks represent a serious threat to any database-driven site and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes, from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.
  • Keywords
    SQL; database management systems; digital forensics; information retrieval; SQL injection attacks; data retrieval; database-driven site; forensic data; misuse pattern; computer security; data security breach; forensics; security pattern
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    BioMedical Computing (BioMedCom), 2012 ASE/IEEE International Conference on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-1-4673-5495-0
  • Type
    conf
  • DOI
    10.1109/BioMedCom.2012.27
  • Filename
    6516440