The Anatomy of a Web Application

A web application is the target of a SQL injection attack, so you must understand how these apps work. A web app can be described simply as an application that is accessed through a web browser or another client application (such as the apps on a smartphone). However, we need to be a little more detailed in our description for you to better understand SQL injection. In essence, a web application works by performing these steps:

  1. The user makes a request through the web browser, over the internet, to the web server.
  2. The web server accepts the request and forwards it to the applicable web application server.
  3. The web application server performs the requested task.
  4. The web application accesses the database as needed and responds to the web server.
  5. The requested information appears on the user’s monitor.

The details involved in these steps can change depending on the application involved.

Server-Side vs. Client-Side Technologies

First, let’s look at the types of technologies involved in browsing and working with the web. They mainly fall into two areas: client-side and server-side technologies. Server-side technologies are those that run and are executed on the server itself before delivering information to the requester. Client-side technologies are those that run within the browser or somewhere else on the client side. For the purpose of our discussion, we will not be covering client-side technologies here.

Server-side technologies come in many varieties and types, each of which offers something specific to the user. Generally, each of these technologies allows the creation of dynamic and data-driven web applications. You can use a wide range of server-side technologies to create these types of web applications; among them are the following:

  • ASP
  • .NET
  • Oracle
  • PHP
  • JSP
  • SQL Server
  • IBM DB2
  • MySQL
  • Ruby on Rails

All of these technologies are powerful and offer the ability to generate web applications that are extremely versatile. Each also has vulnerabilities that can lead to it being compromised, but this article is not about those. SQL injection is designed to target the code that these technologies use to access a database as part of their functioning. This code, when incorrectly crafted, can be scrutinized, and the result is vulnerabilities being uncovered and exploited.

 

NOTE: It may seem as if exploiting vulnerabilities in code is an easy thing to do, but in reality it is nowhere near as easy a task. In the case of SQL injection, understanding the nuances and intricacies is the key to taking advantage of weaknesses and flaws in the code.

Warning: Don’t forget one of the most prized pieces of information that can be obtained through SQL injection: personally identifiable information (PII).

Be aware of what you are storing in the database and how sensitive it is. Store only those things that need to be stored and nothing else. If you don’t have a reason to store credit card data, don’t! If you don’t have a reason to ask for Social Security numbers, don’t! Storing this information places huge amounts of responsibility and liability on your shoulders should you lose control of it to an unauthorized third party.
