Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)

A Study of SQL Injection Hacking Techniques

Authors
Foong Yew Joe, Vinesha Selvarajah
Corresponding Author
Foong Yew Joe
Available Online 13 September 2021.
DOI
10.2991/ahis.k.210913.067How to use a DOI?
Keywords
SQL Injection, SQL, Hacking, Cyber Security, Penetration Testing, Database
Abstract

Data is the most valuable asset of a person in the current cyber world. More and more data are being collected by applications for multi-purposes. These valuable data are stored inside a database. Standard Query Language (SQL) is a database query language for managing databases. SQL injection attack is the most common attack being used by attackers to gain unauthorized access to the database although it has been used for more than a decade. Many security professionals have proposed countermeasures against SQL injection attacks, but it is still listed as one of the Top 10 Web Application Security Risks today. The concept of SQL injection attack is to inject SQL codes into the database server and execute the injected codes to retrieve the desired result. SQL injection attacks can be classified into different categories depending on the characteristics of the attack. The severity of a SQL injection attack may vary, depending on the vulnerability and the permission assigned. It may only be causing leakage of some insensitive data or it might be causing the destruction and major modification of the database. This paper includes an overview of SQL injection attacks and a demonstration of attacking the database. Moreover, the characteristics and examples of exploiting different types of SQL injection vulnerabilities were discussed.

Copyright
© 2021, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)
Series
Atlantis Highlights in Computer Sciences
Publication Date
13 September 2021
ISBN
978-94-6239-428-5
ISSN
2589-4900
DOI
10.2991/ahis.k.210913.067How to use a DOI?
Copyright
© 2021, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Foong Yew Joe
AU  - Vinesha Selvarajah
PY  - 2021
DA  - 2021/09/13
TI  - A Study of SQL Injection Hacking Techniques
BT  - Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)
PB  - Atlantis Press
SP  - 531
EP  - 539
SN  - 2589-4900
UR  - https://doi.org/10.2991/ahis.k.210913.067
DO  - 10.2991/ahis.k.210913.067
ID  - Joe2021
ER  -