Introduction
The various dynamic content generation environments powering the World Wide Web are intended and designed precisely to provide more power to developers and greater convenience for end-users. Security is thus an aspect that must be explicitly factored in by the system architects and developers; it is rarely effective as an afterthought.
Introduction (contd.)
These are the immediate means by which adversaries can affect the system, and they are invariably subjected to stress during attempts to identify and exploit vulnerabilities. The universal defense strategy against all related attacks is known as input validation. On a parallel level, security exposures are direct consequences of two main design errors:
An anti-scripting measure of the cross-site SQL injection
Security Issues
By the sheer virtue of providing access to resources on a server, insecure Java servlets derived from JSP pages can put at risk any or all of the server, the clients accessing the pages, and, through possible DDoS and worm distribution attacks, the entire Internet. Validating input and controlling access to resources always need to be considered.
SQL Injection
SQL injection is a subset of the unverified/unsanitized user input vulnerability; the idea is to convince the application (via web pages) to run SQL code that was not intended. Many web pages take parameters from the web user and build a SQL query to the database from them. With SQL injection, it is possible to send a crafted user name and/or password field that changes the SQL query and thus grants something else.
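The mechanism described above, as an added example that is not part of the original slides: a login check written by concatenating the user name and password into the query text, beside the same check written with bound parameters, plus the allowlist input validation the slides name as the universal defense. The in-memory SQLite table, the user record and the `login_*` / `is_valid_username` function names are constructed for this illustration; a JSP servlet would do the same with JDBC `PreparedStatement` placeholders.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the servlet's backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Query text built by string concatenation: whatever the user typed
    # becomes part of the SQL statement, quotes and operators included.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # Placeholders: the driver passes the values as data bound to the
    # statement, so they can never change the shape of the query.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Allowlist for what a user name may look like; anything else is rejected
# at the boundary, before it reaches any query (constructed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # classic tautology in the password field
    print("vulnerable, crafted input :", login_vulnerable(db, "nobody", crafted))
    print("parameterized, crafted    :", login_parameterized(db, "nobody", crafted))
    print("parameterized, real creds :", login_parameterized(db, "alice", "s3cret"))
    print("username allowed?         :", is_valid_username(crafted))
```

Running the block shows the concatenated query accepting a non-existent user because the injected `OR '1'='1'` rewrites the WHERE clause, while the parameterized query treats the same string as an ordinary (wrong) password. Validation and parameterization are complementary: the allowlist stops malformed input early and gives a clear detection signal to log, and placeholders protect the query even when a field legitimately has to accept quotes.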