Information Systems Security: 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010. Edited by Somesh Jha and Anish Mathuria. 1st ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. 1 online resource (XIV, 261 p., 60 illus.). Series: Security and Cryptology, ISSN 2946-1863, vol. 6503. ISBN 3-642-17714-X; 3-642-17713-1. DOI 10.1007/978-3-642-17714-9. Includes bibliographical references and index.

2.1 Web Application Vulnerabilities

Many web application vulnerabilities have been well documented and their mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is insufficient input validation. Any data originating from outside of the program code, for example input data provided by a user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, Remote Code Execution and Cross-Site Scripting are very common vulnerabilities of that type [3]. Below is a brief introduction to the SQL Injection vulnerability, though the security testing method presented in this paper is not limited to it.

An SQL Injection vulnerability allows an attacker to illegally manipulate a database by injecting malicious SQL code into the values of input parameters of HTTP requests sent to the victim web site.

Fig. 1. An example of a program written in PHP which contains an SQL Injection vulnerability.

Figure 1 shows a program that uses the database query function mysql_query to get the user information corresponding to the user specified by the GET input parameter username, and then prints the result to the client browser. A normal HTTP request with the input parameter username looks like "http://example.com/index.php?username=bob". The dynamically created database query at line 2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious code. Malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with the SQL code (alice'--) injected, "http://example.com/index.php?username=alice'--", the query becomes "SELECT * FROM users WHERE username='alice'--' AND usertype='user'".
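As an added example (not code from the paper or the proceedings), the following Python script reproduces the string concatenation of Fig. 1 against an in-memory SQLite table and contrasts it with a parameterized query that keeps the usertype check intact; the table rows and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample rows standing in for the paper's "users" table.
SEED_ROWS = [("bob", "user"), ("alice", "admin")]


def make_db():
    """Create an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, usertype TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn


def build_vulnerable_query(username):
    # Mirrors what Fig. 1 does in PHP: the GET parameter is pasted
    # straight into the SQL text, so quotes and "--" become SQL syntax.
    return ("SELECT * FROM users WHERE username='" + username
            + "' AND usertype='user'")


def lookup_vulnerable(conn, username):
    # Runs the concatenated query; a "--" in the input comments out the
    # trailing usertype condition, so non-"user" rows can be returned.
    rows = conn.execute(build_vulnerable_query(username)).fetchall()
    return [r[0] for r in rows]


def lookup_safe(conn, username):
    # Hardened form: the value is bound as a parameter, never spliced into
    # the statement text, so it cannot alter the query's structure.
    rows = conn.execute(
        "SELECT * FROM users WHERE username=? AND usertype='user'",
        (username,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = make_db()
    for name in ("bob", "alice'--"):
        print(build_vulnerable_query(name))
        print("  vulnerable:", lookup_vulnerable(conn, name))
        print("  safe:      ", lookup_safe(conn, name))
```

With the input from the paper, the concatenated query returns the admin row "alice" because the usertype clause has been commented out, while the parameterized query returns nothing for that input.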