DocumentCode
2171425
Title
A Misuse Pattern for Retrieving Data from a Database Using SQL Injection
Author
Fernandez, Eduardo B. ; Alder, E. ; Bagley, R. ; Paghdar, S.
Author_Institution
Dept. of Electr. & Comput. Eng. & Comput. Sci., Florida Atlantic Univ., Boca Raton, FL, USA
fYear
2012
fDate
14-16 Dec. 2012
Firstpage
127
Lastpage
131
Abstract
SQL injection attacks represent a serious threat to any database-driven site and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.
Keywords
SQL; database management systems; digital forensics; information retrieval; SQL injection attacks; data retrieval; database-driven site; forensic data; misuse pattern; SQL injection attacks; computer security; data security breach; forensics; misuse pattern; security pattern;
fLanguage
English
Publisher
ieee
Conference_Titel
BioMedical Computing (BioMedCom), 2012 ASE/IEEE International Conference on
Conference_Location
Washington, DC
Print_ISBN
978-1-4673-5495-0
Type
conf
DOI
10.1109/BioMedCom.2012.27
Filename
6516440
Link To Document