Utah's Foremost Platform for Undergraduate Research Presentation
2022 Abstracts

The threat and prevention of injection attacks

Presenter: Sayeed Sajal
Authors: Jeremiah Nicholls
Faculty Advisor: Sayeed Sajal
Institution: Utah Valley University

In this research study, we investigated the most common mistakes that allow injection attacks on databases. According to the Open Web Application Security Project (OWASP), injection is the third most critical category to protect against, following broken access control and cryptographic failures. With an incidence rate of 19 percent according to the 2021 OWASP report, these are frequently exploited database vulnerabilities. Here, we analyzed and compiled the common exploitable areas to understand how to prevent these attacks. Looking at several examples of how injection attacks disrupt daily operations put the importance of protecting against these intrusions into context. Several hypothetical programs are presented to demonstrate how a program could be compromised by an injection attack; an analysis of the assets the attack would expose to the aggressor then follows. Finally, the following methods are used to close the exploited vulnerabilities and sanitize user input to avoid abuse: keeping user input from passing through the interpreter, disallowing special characters in input fields, and setting appropriate scopes via the “LIMIT” function. These findings show that database security must not be an afterthought in the software design process. Valuable user and operational data are at substantial risk when best practices are not implemented. By adopting several easily implemented software designs, database corruption, disruption, and unauthorized access can be minimized sufficiently.
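The three mitigations named in the abstract, placed beside the mistake they correct, as an added example that is not part of the abstract or of the hypothetical programs it describes. It uses Python's standard `sqlite3` module with a constructed in-memory `users` table; the allow-list pattern for the name field and the `LIMIT` default are assumptions chosen for this example.

```python
"""Vulnerable vs. hardened user lookup (added example, constructed data)."""
import re
import sqlite3

# Constructed sample table: the email column stands in for data the
# application should only return for the one user that was asked for.
SAMPLE_USERS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The mistake: user text is spliced into the SQL program itself.

    Any quote or operator in `name` is read by the SQL interpreter as code,
    so a crafted value can widen the WHERE clause and expose every row.
    """
    query = f"SELECT id, name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


# Assumed allow-list for a login name: ASCII letters, digits, '_' and '.',
# 1 to 32 characters. Quotes, semicolons and comment markers never match.
NAME_PATTERN = re.compile(r"[A-Za-z0-9_.]{1,32}")


def is_valid_name(name: str) -> bool:
    """Mitigation 2: disallow special characters in the input field."""
    return NAME_PATTERN.fullmatch(name) is not None


def query_parameterized(conn: sqlite3.Connection, name: str, limit: int) -> list:
    """Mitigations 1 and 3: the statement text is fixed and `name` travels
    to the driver as a bound value, so it never passes through the SQL
    interpreter as code; LIMIT bounds how many rows one request can return.
    """
    query = "SELECT id, name, email FROM users WHERE name = ? LIMIT ?"
    return conn.execute(query, (name, limit)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str, limit: int = 1) -> list:
    """Apply all three mitigations; reject bad input before touching the DB."""
    if not is_valid_name(name):
        raise ValueError("login name contains disallowed characters")
    return query_parameterized(conn, name, limit)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest input :", lookup_vulnerable(db, "alice"))
    print("hardened, honest input   :", lookup_hardened(db, "alice"))
    print("valid name?              :", is_valid_name("x' OR '1'='1"))
```

The defence in depth matters here: even if the allow-list were skipped, `query_parameterized` returns no rows for a value containing quotes, because the bound parameter is compared as a literal string rather than parsed as SQL, and `LIMIT` caps the exposure of any remaining logic error to a single record.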