LEADER 00879nam1 2200253 i 450 001 VAN00049274 005 20241002121843.250 100 $a20060808f |0itac50 ba 101 $aita 102 $aIT 105 $a|||| ||||| 200 1 $aAppunti dal corso di complementi di matematiche$fGiulio Cesare Barozzi 210 $aBologna$cPitagora 215 $avolumi$d24 cm 463 \1$1001VAN00049275$12001 $aFunzioni di una variabile complessa 463 \1$1001VAN00052153$12001 $a<>trasformata di Laplace 463 \1$1001VAN00052165$12001 $aElementi di algebra lineare 620 $dBologna$3VANL000003 700 1$aBarozzi$bGiulio Cesare$3VANV014174$0437632 712 $aPitagora $3VANV108147$4650 801 $aIT$bSOL$c20250131$gRICA 912 $aVAN00049274 996 $aAppunti dal corso di complementi di matematiche$932423 997 $aUNICAMPANIA
LEADER 04603nam 22008295 450 001 9910483281003321 005 20251226195133.0 010 $a3-642-17714-X 024 7 $a10.1007/978-3-642-17714-9 035 $a(CKB)2670000000064729 035 $a(SSID)ssj0000476292 035 $a(PQKBManifestationID)11305741 035 $a(PQKBTitleCode)TC0000476292 035 $a(PQKBWorkID)10479357 035 $a(PQKB)11485488 035 $a(DE-He213)978-3-642-17714-9 035 $a(MiAaPQ)EBC3066216 035 $a(PPN)149902700 035 $a(BIP)32617487 035 $a(EXLCZ)992670000000064729 100 $a20101207d2010 u| 0 101 0 $aeng 135 $aurnn|008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aInformation Systems Security $e6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 /$fedited by Somesh Jha, Anish Mathuria 205 $a1st ed. 2010. 210 1$aBerlin, Heidelberg :$cSpringer Berlin Heidelberg :$cImprint: Springer,$d2010. 215 $a1 online resource (XIV, 261 p. 60 illus.) 225 1 $aSecurity and Cryptology,$x2946-1863 ;$v6503 300 $aBibliographic Level Mode of Issuance: Monograph 311 08$a3-642-17713-1 320 $aIncludes bibliographical references and index. 330 $a2.1 Web Application Vulnerabilities. Many web application vulnerabilities have been well documented, and their mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is insufficient input validation. Any data originating from outside the program code, for example input data provided by a user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, remote code execution and cross-site scripting are very common vulnerabilities of that type [3]. Below is a brief introduction to the SQL Injection vulnerability, though the security testing method presented in this paper is not limited to it. An SQL Injection vulnerability allows an attacker to illegally manipulate the database by injecting malicious SQL code into the values of input parameters of HTTP requests sent to the victim web site.
Fig. 1. An example of a program written in PHP which contains an SQL Injection vulnerability.
Figure 1 shows a program that uses the database query function mysql_query to get the user information corresponding to the user specified by the GET input parameter username, and then prints the result to the client browser. A normal HTTP request with the input parameter username looks like "http://example.com/index.php?username=bob". The dynamically created database query at line 2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious code. Malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with the SQL code (alice'--) injected, "http://example.com/index.php?username=alice'--", the query becomes "SELECT * FROM users WHERE username='alice'--' AND usertype='user'".
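As an added illustration, not part of the paper or of this catalog record, the Figure 1 program is re-created in Python against an in-memory SQLite database standing in for the PHP program's MySQL backend. The users table's rows and its columns beyond username and usertype are assumed. The vulnerable function splices the username parameter into the query text exactly as the paper's line 2 does, so the value alice'-- turns the rest of the WHERE clause into an SQL comment, drops the usertype='user' restriction, and returns a record the request should never reach; the hardened function binds the value as a query parameter so quotes and -- are treated as data.

```python
import sqlite3

# Constructed sample table (not from the paper): the paper's query references only the
# username and usertype columns; the email column and these rows are assumed for illustration.
SAMPLE_USERS = [
    ("alice", "admin", "alice@example.com"),
    ("bob", "user", "bob@example.com"),
]


def make_db():
    """In-memory SQLite database standing in for the MySQL backend of the PHP program."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, usertype TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username):
    """Reproduce line 2 of the PHP program: the GET parameter is spliced into the SQL text."""
    return "SELECT * FROM users WHERE username='%s' AND usertype='user'" % username


def lookup_vulnerable(conn, username):
    """Vulnerable lookup: whatever SQL the attacker put in `username` is executed verbatim.

    With username = "alice'--" the closing quote ends the string literal and the
    "--" comments out " AND usertype='user'", so the admin row is returned.
    """
    return conn.execute(build_vulnerable_query(username)).fetchall()


def lookup_safe(conn, username):
    """Hardened lookup: the value is bound as a parameter, so quotes and '--' are just data.

    The same "alice'--" input now matches no username, and the usertype check stays in force.
    """
    sql = "SELECT * FROM users WHERE username=? AND usertype='user'"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("bob", "alice'--"):
        print("username=%r" % value)
        print("  query      :", build_vulnerable_query(value))
        print("  vulnerable :", lookup_vulnerable(db, value))
        print("  safe       :", lookup_safe(db, value))
```

Running the block prints, for the benign value bob, the same row from both lookups, and for alice'-- the admin row from the vulnerable lookup and an empty result from the parameterized one; the fix is the parameter binding, not any quote-escaping of the input.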
410 0$aSecurity and Cryptology,$x2946-1863 ;$v6503 606 $aComputer networks 606 $aUser interfaces (Computer systems) 606 $aHuman-computer interaction 606 $aData protection 606 $aInformation storage and retrieval systems 606 $aElectronic data processing$xManagement 606 $aBiometric identification 606 $aComputer Communication Networks 606 $aUser Interfaces and Human Computer Interaction 606 $aData and Information Security 606 $aInformation Storage and Retrieval 606 $aIT Operations 606 $aBiometrics 615 0$aComputer networks. 615 0$aUser interfaces (Computer systems). 615 0$aHuman-computer interaction. 615 0$aData protection. 615 0$aInformation storage and retrieval systems. 615 0$aElectronic data processing$xManagement. 615 0$aBiometric identification. 615 14$aComputer Communication Networks. 615 24$aUser Interfaces and Human Computer Interaction. 615 24$aData and Information Security. 615 24$aInformation Storage and Retrieval. 615 24$aIT Operations. 615 24$aBiometrics. 676 $a004.6 701 $aJha$b Somesh$0117620 701 $aMathuria$b Anish$f1967-$01757081 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910483281003321 996 $aInformation Systems Security$94194722 997 $aUNINA