ISSC431 Central Texas College SQL Injection Attack Discussion


Hello,
I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
For this assignment, answer the following:

What steps would you take to prevent an SQL injection attack?
What are advantages and disadvantages of dynamic SQL statements?
What types of databases are more vulnerable to SQL injections?

Student one:
Week 6 Forum
A hacking technique that was discovered 15-20 years ago has been proven today still to have a very devastating effect and is a top priority for database security. SQL is a command control language associated with relational databases such as Microsoft SQL, MySQL and Oracle. The first preventative measure to take is establishing an understanding of which, if any, of your current applications are vulnerable to SQL injections. I feel the best way is to attack yourself to see if you are successful. However, given the complexity of the SQL language, it isn’t a trivial task to construct the code snippets used to inject into a SQL query when attempting to hack the database.
The disadvantages of dynamic SQL statements are loss in performance, queries are unable to be cached, debugging is hard, unreliable error management, no way to validate code dynamically, unable to use temporary tables, difficulties in the maintenance because schemas are hard coded within the dynamic code, and ease of security being compromised with SQL injections. Therefore, I recommend trying to avoid using dynamic SQL as much as you can.
Databases such as SQL, MS SQL Server, MySQL, Access, and Oracle are subject to SQL injections. SQL injection is very common in web applications used in a web site. Weaknesses in the database not properly written code, hacking tools are used to take over these applications to compromise. Therefore, SQL itself is vulnerable to SQL injections because it’s not within the database engine, however the source is within the back-end database.
Are databases with no proper input validation vulnerable to SQL injection?
-Keenan

Student two:
What steps would you take to prevent an SQL injection attack?
There are a number of steps that can be taken to prevent a successful SQL injection attack. These measures include the following:

Bond Parameters – These parameters bind with the user query. This bond essentially becomes a protective shell around the user query so that the query is treated as strictly data by the database, rather than a command or script.
Data Sanitization – This preventative measure will block specific words or characters and filter bad keywords out while allowing good keywords to be used in the database query.
Database Restriction and Segregation – This preventative measure uses least privilege principles to ensure that users and accounts don’t have more privileges than they need, which can open up a risk to a SQL injection.
Database Design with Security in Mind – This preventative measure implements security before the database is created. This involves considering database location, external threat vectors, externally available information, naming conventions, etc.
Monitoring – This preventative measure ensures that if an injection attack hits the database, that the administrators will receive an alert so they can take corrective action, or corrective action can be applied automatically.

(Basta, Zgola, & Bullaboy, 2012)
What are advantages and disadvantages of dynamic SQL statements?
Dynamic SQL statements are helpful because they allow the user to build the query themselves without having to know the SQL language. This means it’s more customizable from the end user perspective. However, the big disadvantage with dynamic SQL statements is that they are highly susceptible to SQL injections. Preventative measures can be taken to help outweigh this risk (see above), but this is a huge risk and most database administrators will avoid using these dynamic statements. Additionally, dynamic statements often require complex code to operate, which can get messy and hard to maintain as the system grows. (Oracle dynamic, n.d.)
What types of databases are more vulnerable to SQL injections?
Lots of databases accept the SQL language and it is not just limited to SQL-only databases. Oracle and others are also susceptible. However, since SQL injections usually originate from web pages and web forms, any database that receives input from a web page will be vulnerable to SQL injections. (SQL Injection, n.d.)
References
Basta, A., Zgola, M., & Bullaboy, D. (2012). Database security. Boston, MA: Course Technology/Cengage Learning.
Oracle Dynamic SQL. (n.d.). Retrieved June 12, 2019, from https://docs.oracle.com/cd/A87861_01/NT817EE/appdev.817/a76942/pc_13dyn.htm
SQL Injection Defense for Databases and Networks. (n.d.). Retrieved June 12, 2019, from https://www.beyondsecurity.com/about-sql-injection.html
-Leah
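
An added example, not part of either student's post: it contrasts a concatenated dynamic SQL statement with the bound-parameter approach listed in Student two's answer ("Bond Parameters"), and shows an allow-list for the one part of a dynamic statement that cannot be bound. It uses Python's sqlite3 module; the users table, function names and inputs are assumptions constructed for the illustration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original posts).
ROWS = [("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("o'brien", "ob@example.com")]

# Column names cannot be passed as bound parameters, so the only
# dynamic identifier is checked against a fixed allow-list.
SORTABLE_COLUMNS = {"name", "email"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def find_user_dynamic(conn, name):
    # Weak form: user input is concatenated into the statement text,
    # so a quote in the input becomes part of the SQL command.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_bound(conn, name, order_by="name"):
    # Hardened form: the value travels as a bound parameter (data only),
    # and the dynamic ORDER BY column must be on the allow-list.
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % order_by)
    sql = "SELECT name FROM users WHERE name = ? ORDER BY " + order_by
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"                # constructed test input
    print(find_user_dynamic(db, crafted))   # WHERE clause rewritten: every row
    print(find_user_bound(db, crafted))     # compared as a literal name: no rows
    print(find_user_bound(db, "o'brien"))   # legitimate quote handled as data
```

The same legitimate name `o'brien` makes the concatenated version fail with a syntax error, which is a useful signal when reviewing code for statements built from user input.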
