Lab: Designing the Secure Database
You have been hired as a database security consultant to review the web application, identify SQL injection and cross-site scripting attacks, and report your findings along with your recommendations.
Question 2. What types of SQL injection attack have been identified in the report?
Answer:
Injection of the "incorrectly filtered escape characters" type was found in testsparker. This type of injection occurs when user input is not filtered for escape characters before it is used in the code. It may be exploited in the future when the database is used by a customer or end user.
The following code briefly illustrates this vulnerability:
statement = "SELECT * FROM users WHERE name = '" + username + "';"
This SQL code is designed to pull up the records of the specified username from the users table.
However, if the username variable is supplied by an attacker, the statement can return results from the database that were never intended.
For example, the username variable can be set to:
' OR '1'='1
Or the malicious user can add a comment marker, which stops the rest of the query from being executed:
' OR '1'='1' {
' OR '1'='1' /*
' OR '1'='1' --
With these inputs, the statement becomes one of the following:
SELECT * FROM users WHERE name = '' OR '1'='1';
SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
Either statement forces the selection of all data from the table, because the condition '1'='1' is always true, so every record in the database is displayed.
Question 3. What will be the impact of an SQL injection attack, and what is your recommendation to prevent those attacks?
Answer:
The database contains sensitive data that is meant only for the organization's use. If an organization loses that data, it loses prospective business or security. SQL injection can cause the loss of anything in the database, so it has a bad impact on the company.
There are, however, some ways to prevent SQL injection attacks:
• Validate all data submitted by the user.
• Use prepared statements and avoid dynamic SQL.
• Vulnerabilities in the software and database must be looked for from time to time, and the system hardened against injection.
• Use a firewall to protect against malicious data and block SQL injection attempts against the application.
• Strengthen the authentication of your database functionality, which helps prevent SQL injection.
• Grant access according to privilege level: users should not connect to the database directly, but should access it only with the privileges granted to them.
• Change passwords on a regular basis.
• Use good tools for checking and fixing errors in the code, which also helps prevent SQL injection.
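The difference between dynamic SQL and a prepared statement, shown with the statement and the input from the answer to Question 2. This is an added example, not part of the original lab report; it uses Python's sqlite3 module, and the in-memory users table, its rows, the function names and the username policy are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for the lab's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn

def lookup_dynamic(conn, username):
    # Dynamic SQL, as in Question 2: the input becomes part of the statement text,
    # so quote characters in it change the structure of the query.
    statement = "SELECT * FROM users WHERE name = '" + username + "';"
    return conn.execute(statement).fetchall()

def lookup_prepared(conn, username):
    # Prepared statement: the SQL text is fixed and the input is bound as a value,
    # so it is only ever compared against the name column.
    return conn.execute("SELECT * FROM users WHERE name = ?", (username,)).fetchall()

def is_valid_username(username):
    # Input validation as a second layer (assumed policy: 1-32 letters, digits or "_").
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None

if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # input quoted in the answer to Question 2
    for name in ("alice", crafted):
        print(repr(name),
              "| dynamic rows:", len(lookup_dynamic(conn, name)),
              "| prepared rows:", len(lookup_prepared(conn, name)),
              "| passes validation:", is_valid_username(name))
```

With the crafted input the dynamic query returns every row in the table, while the prepared query returns none because no user has that literal name.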
Question 4. What types of cross-site scripting issues have been identified in the report? Write your recommendation to remedy those issues.
Answer:
Cross-site scripting occurs when data enters the application from unauthorized users or an unauthorized source, and that data is included in dynamic content without being validated.
The malicious content is delivered to the web browser and may contain JavaScript, HTML or other types of code that the browser will execute. In this type of attack, private data such as cookies and session information can be sent to the attacker, which helps the attacker take control of the victim's website.
There are some ways to prevent cross-site scripting:
Escaping: if any data enters the system from an outside source, malicious data is prevented from executing by this technique.
Validating input: every piece of data should be validated.