Q.B5 SQL Injection Attacks (Q43857968)
Please answer Q.B5 in relation to cyber security.
Q.B5 SQL Injection Attacks

a) SQL injection attacks are almost completely preventable and are generally limited to unauthorised access to database data. Given that this is the case, evaluate how seriously businesses and other organisations ought to take them as a security threat. (15 marks)

A web application accepts a value entered by the user and uses it to construct an SQL query. The query is shown below, with the variables $user and $cat embedded in it. $user is the identifier of the currently logged in user, derived from the session data, but $cat contains whatever value the user has entered into a web form.

SELECT * FROM table WHERE owner='$user' AND category='$cat'

b) Give an example value the user could enter to perform an SQL injection attack, explaining what the attack would hope to achieve. (7 marks)

c) Evaluate the quality of this web application if such an attack were able to succeed, giving details of exactly what it would be failing to do in that case, and how a better application could have been written. (8 marks)

(30 marks in total)
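As an illustration for part c), here is an added example (not part of the original question or of any answer on this page) in Python with the standard-library sqlite3 module: the question's concatenated query beside a parameterized one, run with an ordinary value that happens to contain a quote character. The table name items, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data. Column names follow the question's query; the table
# is called items here because TABLE is an SQL keyword.
ROWS = [
    ("alice", "books", "Alice's novel"),
    ("alice", "children's", "Alice's picture book"),
    ("bob", "books", "Bob's manual"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (owner TEXT, category TEXT, title TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)", ROWS)
    return db

def build_concatenated(user, cat):
    """The question's pattern: form input is pasted into the SQL text."""
    return f"SELECT * FROM items WHERE owner='{user}' AND category='{cat}'"

def query_concatenated(db, user, cat):
    """Return the rows, or the database error if the input altered the statement."""
    try:
        return db.execute(build_concatenated(user, cat)).fetchall()
    except sqlite3.Error as exc:
        return exc

def query_parameterized(db, user, cat):
    """Fixed SQL text; user and cat are bound as values and never parsed as SQL."""
    sql = "SELECT * FROM items WHERE owner = ? AND category = ?"
    return db.execute(sql, (user, cat)).fetchall()

if __name__ == "__main__":
    db = make_db()
    cat = "children's"  # ordinary form input that contains a quote character
    print(build_concatenated("alice", cat))
    print("concatenated :", query_concatenated(db, "alice", cat))
    print("parameterized:", query_parameterized(db, "alice", cat))
```

The concatenated version fails on this input because the quote ends the string literal early, which shows that form data is being parsed as part of the statement; the parameterized version returns the matching row and keeps the owner condition intact.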