An Introduction to SQL Injection Attacks for Oracle Developers (2007)

 

 

Most application developers underestimate the risk of SQL injections attacks against applications that use Oracle as the back-end database. Our audits of custom web applications show many application developers do not fully understand the risk of SQL injection attacks and simple techniques used to prevent such attacks. This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks. SQL injection is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from the database. The basic principles underlying SQL injection are simple and these types of attacks are easy to execute and master. Any program or application may be vulnerable to SQL injection including stored procedures executed with a direct database connection, Oracle Forms applications, web applications, etc. Numerous SQL injection vulnerabilities have been found in the standard Oracle Database packages such as DBMS_DATAPUMP, DBMS_REGISTRY, and DBMS_METADATA (see Oracle Critical Patch Update January 2006). Web applications are at highest risk to attack since often an attacker can exploit SQL injection vulnerabilities remotely without any database or application authentication. [via]
http://www.integrigy.com/security-resources/w...

Rating: 0/10

 

Download File

 

Tags: Tag sql injection, Tag sql, Tag injection, Tag vulnerability, Tag security, Tag oracle, Tag attack, Tag developer, Tag white paper, ...

 

Related Files

 

 
Sponsored Links
Free Download Logitech Manual, Guide, Instructions, available in PDF ebooks format.
An Introduction to SQL Injection Attacks for Oracle Developers

Rate this Document

Popular eBooks

ADS