A research in SQL injection.

Leung Siu Kuen.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 67-68).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.1.1 --- A Story --- p.1Chapter 1.2 --- Overview --- p.2Chapter 1.2.1 --- Introduction of SQL Injection --- p.4Chapter 1.3 --- The importance of SQL Injection --- p.6Chapter 1.4 --- Thesis organization --- p.8Chapter 2 --- Background --- p.10Chapter 2.1 --- Flow of web applications using DBMS --- p.10Chapter 2.2 --- Structure of DBMS --- p.12Chapter 2.2.1 --- Tables --- p.12Chapter 2.2.2 --- Columns --- p.12Chapter 2.2.3 --- Rows --- p.12Chapter 2.3 --- SQL Syntax --- p.13Chapter 2.3.1 --- SELECT --- p.13Chapter 2.3.2 --- AND/OR --- p.14Chapter 2.3.3 --- INSERT --- p.15Chapter 2.3.4 --- UPDATE --- p.16Chapter 2.3.5 --- DELETE --- p.17Chapter 2.3.6 --- UNION --- p.18Chapter 3 --- Details of SQL Injection --- p.20Chapter 3.1 --- Basic SELECT Injection --- p.20Chapter 3.2 --- Advanced SELECT Injection --- p.23Chapter 3.2.1 --- Single Line Comment (--) --- p.23Chapter 3.2.2 --- Guessing the number of columns in a table --- p.23Chapter 3.2.3 --- Guessing the column name of a table (Easy one) --- p.26Chapter 3.2.4 --- Guessing the column name of a table (Difficult one) . --- p.27Chapter 3.3 --- UPDATE Injection --- p.29Chapter 3.4 --- Other Attacks --- p.30Chapter 4 --- Current Defenses --- p.32Chapter 4.1 --- Causes of SQL Injection attacks --- p.32Chapter 4.2 --- Defense Methods --- p.33Chapter 4.2.1 --- Defensive Programming --- p.34Chapter 4.2.2 --- hiding the error messages --- p.35Chapter 4.2.3 --- Filtering out the dangerous characters --- p.35Chapter 4.2.4 --- Using pre-complied SQL statements --- p.36Chapter 4.2.5 --- Checking for tautologies in SQL statements --- p.37Chapter 4.2.6 --- Instruction set randomization --- p.38Chapter 4.2.7 --- Building the query model --- p.40Chapter 5 --- Proposed Solution --- p.43Chapter 5.1 --- Introduction --- p.43Chapter 5.2 --- Natures of SQL Injection --- p.43Chapter 5.3 --- Our proposed system --- p.44Chapter 5.3.1 --- Features of the system --- p.44Chapter 5.3.2 --- Stage 1 - Checking with current signatures --- p.45Chapter 5.3.3 --- Stage 2 - SQL Server Query --- p.45Chapter 5.3.4 --- Stage 3 - Error Triggering --- p.46Chapter 5.3.5 --- Stage 4 - Alarm --- p.50Chapter 5.3.6 --- Stage 5 - Learning --- p.50Chapter 5.4 --- Examples --- p.51Chapter 5.4.1 --- Defensing BASIC SELECT Injection --- p.52Chapter 5.4.2 --- Defensing Advanced SELECT Injection --- p.52Chapter 5.4.3 --- Defensing UPDATE Injection --- p.57Chapter 5.5 --- Comparison --- p.59Chapter 6 --- Conclusion --- p.62Chapter A --- Commonly used table and column names --- p.64Chapter A.1 --- Commonly used table names for system management --- p.64Chapter A.2 --- Commonly used column names for password storage --- p.65Chapter A.3 --- Commonly used column names for username storage --- p.66Bibliography --- p.6