First Advisor
Eugster, Ernest
Second Advisor
Ina, Donald J.
Third Advisor
Birkenheuer, Nancy
College
College for Professional Studies
Degree Name
MS Software and Information Systems
School
School of Computer & Information Science
Document Type
Thesis - Open Access
Number of Pages
251 pages
Abstract
This study involved the development and subsequent use of a bespoke SQL Injection vulnerability scanner to analyze a set of unique approaches to common tasks, identified by conducting interviews with developers of high-traffic Web sites. The vulnerability scanner was developed to address many recognized shortcomings in existing scanning software, principal among which were the requirements for a comprehensive yet lightweight solution with which to quickly test targeted aspects of online applications, and for a scriptable, Linux-based system. Emulations of each approach were built using PHP and MySQL and were then analyzed with the aid of the bespoke scanner. All discovered vulnerabilities were resolved, and despite the variety of approaches to securing online applications adopted by those interviewed, a small number of root causes of SQL Injection vulnerabilities were identified. This allowed a SQL Injection security checklist to be compiled to help developers identify insecure practices prior to an online application's initial release and following any modifications or upgrades.
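The abstract refers to PHP/MySQL emulations that were probed with a lightweight scanner, and to root causes of SQL Injection. The block below is an added illustration and is not code from the thesis: it uses Python with the standard-library sqlite3 module as a stand-in for PHP and MySQL, builds a constructed two-row users table, and contrasts the classic root cause (assembling the query by string concatenation) with a parameterized query. The `probe` function is a minimal scanner-style check of the kind the abstract describes: it sends a tautology payload and a comment-based payload and reports the endpoint as injectable if either returns rows that the same credentials could not legitimately match. Function names, table layout and payloads are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data: two users with known credentials.
ROWS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database standing in for the MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def login_vulnerable(conn, name, password):
    """Root cause: untrusted input concatenated straight into the SQL text.
    Attacker-controlled quotes and comment markers rewrite the query."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Hardened form: placeholders keep data out of the query grammar,
    so quotes in the input are matched literally, never parsed."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Scanner payloads (constructed). The comment payload relies on '--'
# starting a line comment, which MySQL and SQLite both accept.
PAYLOADS = [
    ("nobody", "' OR '1'='1"),   # tautology in the password field
    ("alice'--", "wrong"),       # comment out the password check
]


def probe(login):
    """Report whether a login function is injectable.

    A baseline request with bad credentials must return no rows. If any
    payload returns rows anyway, or the backend raises a syntax error
    (a sign that input reached the parser), the endpoint is flagged.
    """
    conn = make_db()
    if login(conn, "nobody", "wrong"):
        raise RuntimeError("baseline unexpectedly matched rows")
    for name, password in PAYLOADS:
        try:
            if login(conn, name, password):
                return True
        except sqlite3.OperationalError:
            return True
    return False


if __name__ == "__main__":
    print("concatenated query injectable:", probe(login_vulnerable))
    print("parameterized query injectable:", probe(login_safe))
```

Running the file shows the concatenated variant returning every user for the tautology payload and the parameterized variant returning nothing for the same input. A real scanner of the kind the abstract describes would drive these payloads through HTTP against the PHP pages rather than calling the query functions directly, but the decision logic, baseline versus payload response plus error signals, is the same.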
Date of Award
Summer 2010
Location (Creation)
Colorado (state); Denver (county); Denver (inhabited place)
Copyright
© Evan Ryder
Rights Statement
All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations.
Recommended Citation
Ryder, Evan, "Sql Injection Attacks and Countermeasures: a Survey of Website Development Practices" (2010). Regis University Student Publications (comprehensive collection). 308.
https://epublications.regis.edu/theses/308