Basics of SQL injection Analysis, Detection and Prevention

Delivery time: Available within 14 days

39,90 

Web Security

ISBN: 3659612243
ISBN 13: 9783659612244
Author: Halde, Jagdish
Publisher: LAP LAMBERT Academic Publishing
Length: 68 pp.
Publication date: 25.10.2014
Edition: 1/2014
Format: 0.5 x 22 x 15
Weight: 119 g
Product form: Paperback
Binding: KT
Item number: 7430038 Category:

Description

Web sites are dynamic, static, and most of the time a combination of both. Web sites need to protect their databases to assure security. SQL injection attacks target interactive web applications that provide database services. These applications take user inputs and use them to create an SQL query at run time. In an SQL injection attack, an attacker might insert a maliciously crafted SQL query as input to perform an unauthorized database operation. Using SQL injection attacks, an attacker can retrieve, modify or delete confidential, sensitive information from the database. This may jeopardize the confidentiality, trust and security of Web sites that depend entirely on databases. This report presents a code reengineering technique that implicitly protects web applications from SQL injection attacks. It uses an original approach that combines static as well as dynamic analysis. In this report, I mentioned an automated technique for removing SQL injection vulnerabilities from Java code by converting plain text inputs received from users into prepared statements.

About the author

Jagdish Halde is currently working as a Cyber Security Engineer at CSID Corporation, where he actively monitors the underground black market economy to protect customers' Personal Identification Information. He holds an M.S. in Computer Science from San Jose State University. His research interests include Web security, malware analysis and penetration testing.
