Show simple item record

dc.contributor.advisorChow, Edward
dc.contributor.authorKilaru, Divya
dc.contributor.committeememberChang, Sang-Yoon
dc.contributor.committeememberZhuang, Yanyan
dc.date.accessioned2017-12-28T17:21:21Z
dc.date.available2017-12-28T17:21:21Z
dc.date.submitted2017-12
dc.descriptionIncludes bibliographical references.
dc.description.abstractIn this thesis, we investigate how SQL injection attacks occur and how to patch a web app with the SQL injection vulnerability. Various SQL injection tools are evaluated for their functionalities and capabilities. A python web app utilized FlaskApp with MySQL API support was created with common web security and SQL injection vulnerability. We demonstrate a simple malicious string can be used to reveal the password table content. A secure design pattern was introduced where the lack of input validation and the generic nature of the SQL query were discovered in the web app. Patches were performed to secure the app.
dc.identifierKilaru_uccs_0892N_10293.pdf
dc.identifier.urihttps://hdl.handle.net/10976/166750
dc.languageEnglish
dc.publisherUniversity of Colorado Colorado Springs. Kraemer Family Library
dc.relation.ispartofTheses
dc.rightsCopyright of the original work is retained by the author.
dc.titleImproving Techniques for SQL Injection Defenses
dc.typeText
dcterms.cdm.subcollectionComputer Science
thesis.degree.disciplineCollege of Engineering and Applied Science-Computer Science
thesis.degree.grantorUniversity of Colorado Colorado Springs
thesis.degree.levelMasters
thesis.degree.nameMaster of Science (M.S.)


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record