Saturday, June 27, 2020

SQL Injection Attacks Essay - 1100 Words

Understanding and Preventing SQL Injection Attacks (Essay Sample)

The input, processing, storage and retrieval of data form the most fundamental sequence of processes executed by an application that has both a front end and a back end. Application developers put security measures in place, relying on authorization and authentication, to prevent undesired and unauthorized interaction with data stored in the database. Nevertheless, the database remains the primary target of most attackers. SQL injection is among the most common attacks mounted against databases. It can be understood as an attack technique that takes advantage of a security vulnerability present in the database layer of a target application. Hackers use SQL injection to gain unauthorized access to the underlying structure, the data and the database management system. SQL injection has become one of the most exploited web application vulnerabilities [1]. This essay explores the available literature on how SQL injection occurs, the types of SQL injection strategies and attacks, and the testing and detection of SQL injection. Finally, the essay discusses the prevention of SQL injection.

An SQL injection attack is said to have occurred when a hacker succeeds in changing the intended effect of an SQL query by inserting his or her own SQL operators and keywords into the query [2]. This means that SQL injection is a vulnerability through which an attacker inserts pieces of malicious data into the input fields of an application, which the application then processes so that the input is executed as code on the back-end server. Consequently, it results in outcomes that the application developers did not anticipate [2, 3]. SQL injection attacks are characterized in part by their injection mechanism [2], which identifies how the injection occurs.
The injection mechanism is the input channel that attackers use to break into the database back end. One common mechanism is injection via user input. Normally, SQL injection attacks against web applications target form submissions sent through HTTP POST or GET requests [3].

Besides web submissions, attackers can also inject SQL through cookies. Cookies are special files that hold application-generated information and are stored on client machines [3]. This gives the client control over the information, so an attacker can tamper with the contents of the cookies. If the cookie contents are used in building SQL queries, the attacker has a window for submitting an attack embedded in the cookie [4]. Likewise, the attacker can exploit server variables. Server variables include network headers, environmental variables and HTTP. These variables are used for purposes such as logging usage statistics and identifying browsing trends. Because of their sensitivity, if they are logged to the database without sanitization, they are likely to create an SQL injection vulnerability [5].

There are different SQL injection attacks and strategies. Normally they are not executed in isolation; most of them are used serially, according to the intent of the attacker [2]. Moreover, there exist multiple variations of every attack type. One of these SQL injection attacks is the tautology. Tautology attacks are intended to undermine authentication, to discover injectable parameters, and to open the way to extracting data [7]. A tautology-based attack works by injecting a conditional statement whose evaluation is always true. The consequences of the attack depend on how the target application uses the query results.
In most cases, tautology attacks are used to bypass authentication and to extract data [2]. For instance, an attacker can exploit an injectable "WHERE" conditional in a query. Turning the "WHERE" conditional into a tautology results in the query returning all the rows of the table it targets. The attacker has to consider both the vulnerable parameters and the code constructs that process the query result, so that the returned results help in gaining access to the database [7].

On the other hand, the illegal/logically incorrect query attack is used to discover injectable or vulnerable parameters, perform database fingerprinting and extract data. This attack lets the attacker gather crucial information about the structure and type of the back-end database used by a web application [2]. It is considered a forerunner of major attacks, because it exploits the information exposed even by a default error page. This is possible because the extra error information on the error page, generated to help developers debug and correct errors, gives attackers information about the back-end database schema [2]. The attacker injects input that causes a type conversion error, a logical error or a syntax error in the database. Syntax errors identify vulnerable parameters, while type errors reveal the data types of target columns and can also be used to extract data. Logical errors are used to reveal the names of the tables and the specific columns responsible for the error [6].

To help developers deal with injectable loopholes, research has produced testing and detection methods to be used during the development phase of an application. One of the commonly used testing techniques is black-box testing [2]. According to Huang et al. [8], a black-box technique known as WAVES is used to test developed web applications for SQL injection vulnerabilities.
This technique uses a Web crawler to identify all the points in a web application that could be exploited to inject SQL. The technique then creates attacks targeting those points, based on a particular list of attack techniques and patterns. In addition, WAVES monitors the response of the application to the attacks and improves its attack methodology using machine learning techniques. In spite of its machine learning approach to testing injectable points, it cannot guarantee completeness [2].

CANDID is a very reliable SQL injection detection tool that modifies web applications written in Java using a program transformation. It works by mining the programmer's intended query structure and detects SQL injection attacks by comparing it with the structure of the actual issued query [9]. It is a natural and simple approach to detecting SQL injection attacks. Similarly, AMNESIA is another tool used to detect SQL injection attacks, and it works by combining runtime monitoring and static analysis [10]. It begins with a static phase, in which the tool builds models of the kinds of queries that the target application can generate at each point where the database is accessed. In the dynamic phase, queries are intercepted early and checked against the statically built models before being sent to the database. At this point, all queries suspected of violating the query structures are prevented from accessing the database. Although it is a good tool, it is not reliable, because it depends on the accuracy of the static analysis to build effective query models.

Another detection and prevention mechanism is SQLPrevent, which comprises an HTTP request interceptor. After SQLPrevent is deployed into a web server, the original data flow is altered.
The current-local thread saves all the HTTP requests, and the SQL interceptor stops the SQL statements made by web applications to pass them ...
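
As an added example (not part of the original essay), the following Python sketch runs the tautology attack described above against a concatenated query, runs the same input against a parameterized query, and applies a simplified version of the query-structure comparison that the essay attributes to CANDID. The table, the sample rows and all function names are constructed for illustration, and the tokenizer is a stand-in for the idea, not CANDID's actual program transformation.

```python
import re
import sqlite3

# Constructed sample data; all table, column and function names are hypothetical.
TAUTOLOGY = "' OR '1'='1"   # closes the string literal and appends an always-true test

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def build_query(name, password):
    # Vulnerable on purpose: user input is concatenated into the SQL text.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concat(db, name, password):
    return [row[0] for row in db.execute(build_query(name, password))]

def login_param(db, name, password):
    # Bound parameters are passed as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|[^\s\w]")

def skeleton(sql):
    # Reduce a query to its structure by replacing literals with '?'.
    return ["?" if t.startswith("'") or t.isdigit() else t.upper()
            for t in TOKEN.findall(sql)]

def structure_changed(name, password):
    # Intended structure: the same query built from harmless placeholder input.
    return skeleton(build_query(name, password)) != skeleton(build_query("a", "a"))

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "alice", "s3cret"))     # normal login, one row
    print(login_concat(db, "alice", TAUTOLOGY))    # WHERE clause is always true
    print(login_param(db, "alice", TAUTOLOGY))     # input treated as a literal
    print(structure_changed("alice", TAUTOLOGY))   # extra OR ... = ... tokens
```

The structure check flags the tautology because the issued query gains `OR ? = ?` tokens that the intended query does not have, while the parameterized query needs no such check because its structure is fixed before any input is bound.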

Thursday, June 4, 2020

Pompey's Favor of the Senate Over Julius Caesar - Free Essay Example

Pompey was a Roman general who played a major part during the time of the First Triumvirate and the rise of Julius Caesar. He was an active participant in Roman politics, in which he controlled the food supply and conquered many foreign regions in the name of Rome (Woolf, 139). During his lifetime, he created tense relationships with both the Senate and Julius Caesar. With the threat of civil war due to conflicts with Caesar, Pompey had to make a choice: side with Caesar, or side with the Senate. He decided the right choice was to side with the latter. Pompey had justified reasons for his choice to go against Caesar: he had family ties to the Senate, he and the Senate shared a fear of Caesar's success, and he had previous relations with the Roman government.

One reason was that Pompey had family ties that were related to the Senate. This allowed him to obtain special commands that benefited both him and the Senate (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?).

Pompey had been born into a family that was in the senatorial class, due to his father Gnaeus Pompeius Strabo (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). His family was particularly powerful in Picenum, which was a region that was east of Rome (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). This allowed the family to have clients to create their own private army, which they used to side with Marius during his war versus Sulla, the dictator of Rome at the time (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). So when Gnaeus passed away, Pompey was able to obtain this private army and his family's land, which he put to good use (Whalen, Sandvick. What Was the Contribution of Pompey the Great to Roman History?). He first switched sides of the war and became a lieutenant of Sulla (Coolidge, 16).
When Sulla passed away, Pompey was in a position where he could go into dictatorship over Rome (Coolidge, 16). To the Senate's relief, he declined the offer (Coolidge, 16). The opposition to his attempted dictatorship pleased the Senate, who greatly disliked the idea of a single ruler (Coolidge, 16). Pompey was also able to use his private army to get special commands from the Senate (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). In Spain he was able to end the rule of Sertorius (Wasson, First Triumvirate). This allowed him to conquer and effectively lead Spain (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). This conquering benefitted both Pompey and the Senate, for it was the first time Rome had been able to rule the country (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). Later, he was also able to conquer Syria, Pontus, and Bithynia, all of which were turned into Roman provinces (Lloyd, Pompey). This greatly pleased the Senate, who gave more commands to Pompey in return (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). Pompey's second great success was being a part of the forming of the Annona, which was the supply of free grain for the Roman people (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). He had created a system where grain from Sicily, Egypt, and areas of North Africa was to be transported by sea, and then distributed to the people of Rome (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). Pompey was able to use this accomplishment as a way to gain support in the city, and for social stability (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). The Senate used the Annona as a way to benefit Rome's economy, their society, and even their political system (Whalen, Sandvick.
What was the contribution of Pompey the Great to Roman history?).

Both the Senate and Pompey had a shared fear and jealousy of what Julius Caesar had done. The Senate was an oligarchy and heavily disliked the idea of having a single, all-powerful ruler (Lendering, Gaius Julius Caesar: Constitutional Problems.). They were worried that Caesar might try to take over Rome and rule as a dictator (Lendering, Gaius Julius Caesar: Constitutional Problems.). This had already happened previously, with Sulla taking complete control over the Republic (Lloyd, Pompey). Caesar had experienced great success in conquering Gaul and other neighboring regions (Lendering, Gaius Julius Caesar: Constitutional Problems.). This caused Pompey to become jealous, for he had been one of the most successful generals in ancient Rome (Lloyd, Pompey). He also had a very unstable relationship with Julius Caesar due to marriage between their families (Wasson, First Triumvirate). To create an alliance between the two, Pompey married Caesar's daughter, Julia, as part of a political move (Woolf, 141). There was peace between them until Julia Caesar died, which damaged their political links, and Caesar and Pompey started to go their separate ways (Woolf, 141).

Pompey also had previous relations to the Senate. Due to his former successes with the conquering of the East, in 70 CE Pompey was able to start his first consulship with Crassus (Lloyd, Pompey). Initially, he was ineligible for this due to his young age and his not having become a quaestor or praetor before his term (Lloyd, Pompey). However, the Senate overlooked the rules and allowed Pompey to become consul (Lloyd, Pompey). When he returned from Spain he realized that the Senate was failing, and decided to turn it around by using his power to lower its responsibilities (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?).
During this time, he had been chosen by the Senate to take control of the piracy situation and Rome's food supply (Whalen, Sandvick. What was the contribution of Pompey the Great to Roman history?). His creation of the Gabinian Law in 67 CE allowed him to oppose the piracy that was occurring in the Mediterranean, which raised Rome's corn supply (Wasson, First Triumvirate). After this success, he returned and demanded that his army be given land (Lloyd, Pompey). His idea seemed logical, for no one wanted the unemployed veterans in the city, but the Senate disapproved (Lloyd, Pompey). This helped form the First Triumvirate with Julius Caesar and another power in the Roman government, Crassus, where Pompey's only mission was to obtain this land for his soldiers (Lloyd, Pompey). Through this rule he was able to obtain this land (Lloyd, Pompey). But the triumvirate started to fall apart, so Pompey decided to return to a joint consulship with Crassus, and he became governor of Spain (Lloyd, Pompey). The triumvirate was further damaged when Crassus died, leaving Pompey on his own (Lloyd, Pompey). When Caesar decided to return to Rome, he requested consulship, which both the Senate and Pompey declined (Lloyd, Pompey). Instead, the Senate named Pompey consul with the support of Cato, who was a leader in government at the time (Lloyd, Pompey). This led to the complete destruction of the relationship between Caesar and Pompey (Lloyd, Pompey).

In conclusion, Pompey had justified reasons to side with the Senate and to go against Caesar. Pompey and the Senate were able to join forces due to their shared jealousy and hatred of Julius Caesar, Pompey's having been a part of the Senate before, and Pompey's family ties to the Senate, which allowed him to improve Rome. Unfortunately, this alliance between powers failed. Pompey was killed when escaping from his defeat, and his death brought the end of the oligarchy era in Rome (Wasson, First Triumvirate).
Pompey's decision to choose the Senate would affect how Rome was governed for the rest of the empire's reign.