SQL Injections

Contributed by Miguel Vega.

From January 2011 through March 2014, four men were able to persistently hack into Microsoft, Valve, the U.S. Army and several other corporations and steal around $100 million worth of intellectual property. The cyber theft included source code for the then-unreleased Xbox One gaming console, source code for Call of Duty Modern Warfare 3 and Gears of War 3, and Apache Helicopter Training Software (Reilly, 2014). According to the FBI, the hackers were able to infiltrate the victims' networks using stolen credentials obtained via SQL injections. Had they been unsuccessful at this stage, the entire hack and $200 million in losses would have been prevented. These types of attacks have proven very effective for data extraction because they let an attacker directly query a database for information of the attacker's choosing. Because the best way to defend against any enemy, whether it be a biological virus, a cyber-attack or even a sports rival, is by learning its behavior, the following document attempts to explain SQL injections in terms of types, application and mitigation.

This document is in PDF format. To view it click here.
