The Art of SQL Injection{3}

by Ermie C
In this peer reviewed article, it explains the many ways  on how SQL databases can be infiltrated with certain techniques.  There are techniques such as changing the attributes of the entities in the database.  They explain how sql injections can be implemented in any web application and any application that is connected with a database.  It’s really impressive that they have shown a technique on how to detect SQL injections.  This all deals with creating backups for the original database queries and attributes.  The the solution to seeing this is that they have created a SQL algorithm that compares the dynamic(present) database and compares it to the static database(past).  Then when it compares, it will essentially, detect the differences in queries and attributes.  However, just like every double edged sword, SQL injections are possible for any web application with a database, these techniques to detect and prevent SQL injections can be also be implemented.

This is a very interesting article because I have never really seen examples of SQL injection.  All I heard is people create code to replace or add data into the database.  However, now reading this, it has shown me that DBAs need to understand how to stop these.  With a past article, the best to stop being hacked, is to hire the hackers.  They find loopholes and they can also close those loopholes.

I have enjoyed this class very much, it has shown me a lot of things that I have never really understood in the Database back end.  This article fits with the class because in the future I would like to be a cyber security employee and protect information for the forces of evil.  Well, not to that extent, but cyber security has always interested me.  So with that, it’s about making the greatest enemy into the greatest friend.


Lee, I. , Jeong, S. , Yeo, S. , & Moon, J. (2012). A novel method for sql injection attack detection based on removing sql query attribute values. Mathematical & Computer Modelling, 55(1/2), 58-68.