Improving Techniques for SQL Injection Defenses
In this thesis, we investigate how SQL injection attacks occur and how to patch a web app that has an SQL injection vulnerability. Various SQL injection tools are evaluated for their functionalities and capabilities. A Python web app that utilized FlaskApp with MySQL API support was created with common web security and SQL injection vulnerabilities. We demonstrate that a simple malicious string can be used to reveal the contents of the password table. A secure design pattern was introduced where the lack of input validation and the generic nature of the SQL query were discovered in the web app. Patches were performed ...