Research SQL Injection attacks on the Internet to supplement your existing knowledge.
Answer the following (200 words, or maybe 1-2 pages):
1) A non-technical description of SQL injection vulnerabilities intended for college management.
2) The threat that SQL injection poses to the university’s data. Include three possible scenarios that describe how an attacker might conduct this type of attack, the information that they may be able to obtain, and how they might use it maliciously.
3) An implementation plan to fortify the college’s Web applications against SQL injection attacks.
4) A monitoring plan that will provide:
--Early warning to developers and security administrators that a SQL injection vulnerability exists in a Web application
--Detection of successful and unsuccessful attempts to conduct SQL injection attacks against college systems
Solution
1) SQL is used to maintain the database of the organization's data. For a college, everything from student IDs to every small piece of information about each employee and student has to be maintained somewhere, so that the data can be fetched easily whenever it is needed. SQL injection is a code injection technique used to attack the data held in the database. It is said that the real loss is not when money is gone but when information or data vanishes or is accessed by an unknown party, who can then do far more damage. It is therefore important to store the data securely so that no outsider can access or modify it.
2) The threat is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution and the action is performed silently.
E.g. "command to dump all the database content": all the data is deleted by an unknown outsider.
"Make a copy of the original data and send it": the actual data is copied and automatically transferred to the attacker waiting outside.
3) SQL injection is a basic technique in which malicious users inject SQL commands into an SQL statement by way of web page input.
The SQL commands injected by the attacker can alter the SQL statement and defeat the security of a web application. There should therefore be a measure so that any inserted command takes a while to process, and some undo operation should also be present: if an unwanted command is executed and important data is lost or hacked, the organization should have a backup plan to retrieve that data, or some kind of undo operation, so that the action can be reversed by some means.
4) Monitoring or tracking the traffic is the best approach, together with security measures so that no outsider has permission to access any data: only members of the organization, or people related to it, can view the data, and only authorized persons can access it. If any member wants to access any information, they should have a secret login ID or password, which must be unique, dynamically generated, and for one-time use only.
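
Point 3 above says that SQL commands arriving through web page input can alter the SQL statement. The following is an added example, not part of the original solution, showing the same lookup written with string concatenation and with a parameterized query. The `students` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for a college student table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO students (name, ssn) VALUES (?, ?)",
        [("alice", "000-00-0001"), ("bob", "000-00-0002"), ("carol", "000-00-0003")],
    )
    return db


def lookup_vulnerable(db, name):
    # Weak form: the input is pasted into the statement text, so quote
    # characters in the input become part of the SQL and can change its logic.
    query = "SELECT name, ssn FROM students WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened form: the statement text is fixed and the input is bound to the
    # "?" placeholder, so the driver always treats it as a plain string value.
    query = "SELECT name, ssn FROM students WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed form input whose quote characters rewrite the WHERE clause
    # when concatenated: ... WHERE name = 'nobody' OR '1'='1'
    crafted = "nobody' OR '1'='1"

    print("normal input, vulnerable:    ", lookup_vulnerable(db, "alice"))
    print("normal input, parameterized: ", lookup_parameterized(db, "alice"))
    print("crafted input, vulnerable:   ", lookup_vulnerable(db, crafted))
    print("crafted input, parameterized:", lookup_parameterized(db, crafted))
```

With the crafted input the concatenated query returns every row in the table, while the parameterized query returns none because no student has that literal name.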
