SQL Injection – A simple query which can manifest as a security concern
In my previous blog, I focused on the security issues associated with broken authentication and session management concerns. Here I shall focus on the security and the vulnerability quotient of an application.
I will discuss about the threats and their possible solutions. I will also mention few tools that aid the hacker in outsmarting the developer of the application. And, most importantly, why is t is important to understand and find the small errors which we commit making the job easy for a hacker. Normally, a hacker uses multiple hacking techniques to outsmart application developers. And, I will aim to cover each of them in a separate blog.
Security Business Case
Firstly, it is not necessary to be a certified hacker or for that matter an ethical/non-ethical hacker to be a web miscreant. A college grad can hack your application using a simple query. Yes, I am talking about the most simple sql query.
Let’s make this our first business case – the Sql Injection.
We have a web, desktop, or a mobile application, of any type, within which we have a form that takes some values and get you the results based on those inputs. Basically, we are trying to say that whatever inputs we give, they are used to fetch data from some database.
A mischievous sub broker enters his id in his broker’s portal to check the status of the transactions of his clients. However, he maliciously injects favorable condition in the query through the form meant to input his id, and retrieved all unauthorized data that he is not supposed to see. This will negatively impact business of the broker, and his credibility is deemed to be questioned, unfortunately affecting his numbers on the annual balance sheet.
String brokerId = request.getParameter("brokerId"); //returns 3003 String query = "SELECT * FROM user_transactions WHERE brokerId = " +brokerId; Statement statement = connection.createStatement(); ResultSet results = statement.executeQuery( query );
If the user is able to pass “303 or 1=1
Latest posts by Vivek Sharma (see all)
- Custom Auto Deployment: A Client – Server Model - January 22, 2016
- Insecure Direct Object References – Closing the doors - March 4, 2015
- Cross-site Scripting (XSS) – Focus on validation for web applications - February 20, 2015
Over 10 years of experience in technology and extremely interested in software security. Experienced in working with banks to safeguard against security threats. He spends his free time deep in stock market analysis.All stories by: Vivek Sharma