Online SQL Vulnerabilities

by Andrew M
The article I am writing about tonight is entitled “A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection” by Rashul Johari and Pankaj Sharma. This article talks about how hackers are finding vulnerabilities in online websites which allow users to run SQL queries. In essence, these hackers are running queries that the database is not prepared for. When such a query returns results, it gives back information that the hackers can use to exploit the company. The authors describe three different attacks that hackers can use: stored/persistent attacks, reflected/non-persistent attacks, and finally cross-scripting attacks. Stored attacks lure users into clicking on infected links of a website. This attack allows hackers to gain access to valuable information from the SQL server they are attacking. Cross-site attacks also deal with the redirection of web links and direct users to infected sites.

This article is related to our topic because we are starting to talk about SQL. I find it especially important because many of us will be going into the database field and this is a very important issue.

I personally found this article very interesting because I am interested in security and this whole article is dealing with internet security. I also found the authors’ conclusion interesting because the authors previewed what others’ solutions in the field were. Overall, I liked this article a lot and feel it should be read by the class.


Johari, R.; Sharma, P., “A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection,” 2012 International Conference on Communication Systems and Network Technologies (CSNT), pp. 453-458, 11-13 May 2012.