Title :
A Misuse Pattern for Retrieving Data from a Database Using SQL Injection
Author :
Fernandez, Eduardo B. ; Alder, E. ; Bagley, R. ; Paghdar, S.
Author_Institution :
Dept. of Electr. & Comput. Eng. & Comput. Sci., Florida Atlantic Univ., Boca Raton, FL, USA
Abstract :
SQL injection attacks represent a serious threat to any database-driven site, and they are one of the most frequent types of attacks. We present here a misuse pattern for retrieving data from a database using SQL injection, which describes the essential and typical characteristics of this type of attack. A misuse pattern describes, from the point of view of the attacker, how a type of attack or misuse is performed (what units it uses and how), looks at the selection of the methods available to the attacker, analyzes the way of stopping the attack, and describes how to trace the attack once it has happened by appropriate collection and observation of forensic data.
Keywords :
SQL; database management systems; digital forensics; information retrieval; SQL injection attacks; data retrieval; database-driven site; forensic data; misuse pattern; computer security; data security breach; forensics; security pattern
Conference_Title :
BioMedical Computing (BioMedCom), 2012 ASE/IEEE International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4673-5495-0
DOI :
10.1109/BioMedCom.2012.27