CSC309 TA: Sukwon Oh

Security

Outline

● SQL Injection
● NoSQL Injection (MongoDB)
● Same Origin Policy
● XSSI
● XSS
● CSRF (XSRF)

SQL Injection

What is SQLI?

● Malicious user input is injected into SQL statements and evaluated by the RDBMS

SQL Injection

SQL statements consist of two things:

● control structure
  ○ SELECT, INSERT, WHERE, DELETE, …
● data values
  ○ 1, 2, 3, …, "str1", "str2", "str3", …

SQL Injection

Web applications typically contain the control part of SQL statements and fill in the data values at runtime

sql_query = "SELECT pizza, toppings, quantity, order_day " +
            "FROM orders " +
            "WHERE userid=" + session.getCurrentUserId() + " " +
            "AND order_month=" + request.getParameter("month");
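As an added example (not from the slides), the same pizza-order query in Python against an in-memory SQLite database: `orders_concat` mirrors the concatenated query above, where the `month` value is spliced into the control structure, and `orders_param` is the parameterized form, where the driver keeps it as a data value. The table, sample rows and function names are constructed here.

```python
import sqlite3

# Constructed sample data (not from the slides): orders of two different users.
SAMPLE_ORDERS = [
    (1, "margherita", "basil", 2, 12),
    (1, "pepperoni", "extra cheese", 1, 11),
    (2, "hawaiian", "pineapple", 3, 12),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (userid INTEGER, pizza TEXT, toppings TEXT, "
        "quantity INTEGER, order_month INTEGER)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", SAMPLE_ORDERS)
    return conn


def orders_concat(conn, user_id, month):
    # Mirrors the slide's string-built query: `month` becomes part of the
    # statement text, so the RDBMS evaluates whatever it contains as SQL.
    sql = (
        "SELECT pizza, toppings, quantity FROM orders "
        "WHERE userid=" + str(user_id) + " AND order_month=" + month
    )
    return conn.execute(sql).fetchall()


def orders_param(conn, user_id, month):
    # Hardened form: placeholders keep `month` in the data part of the
    # statement. The value is bound by the driver and can never alter the
    # control structure, so a non-numeric string simply matches no row.
    sql = "SELECT pizza, toppings, quantity FROM orders WHERE userid=? AND order_month=?"
    return conn.execute(sql, (user_id, month)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(orders_concat(conn, 1, "12"))         # only user 1's December order
    print(orders_concat(conn, 1, "12 OR 1=1"))  # every row, including user 2's
    print(orders_param(conn, 1, "12 OR 1=1"))   # [] - treated as a literal value
```

Because AND binds tighter than OR, the concatenated WHERE clause becomes `(userid=1 AND order_month=12) OR 1=1`, which is why the first query's user restriction disappears.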
