Abstract
SQL Injection is not an unfamiliar term for developers, maintainers and users of Web applications. It has haunted them for more than 25 years since it was discovered and classified in 2002. Even in the Cloud era, SQL Injection is still the biggest risk on the Internet according to statistics. The virtualization technology used by the Cloud, such as SaaS, PaaS and IaaS, has failed to provide extra security against this kind of attack. In this paper we strive to explain how SQL Injection attacks are performed in the Cloud, in order to explain their mechanism and principles.
Acknowledgments
This paper was supported by the Fundamental Research Funds for the Central Universities (2016B14014), the Six Talent Peaks Project in Jiangsu Province (RJFW-032), and the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Fu, X., Wang, Z., Chen, Y., Chen, Y., Wu, H. (2019). SQL Injection in Cloud: An Actual Case Study. In: Xhafa, F., Leu, FY., Ficco, M., Yang, CT. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 24. Springer, Cham. https://doi.org/10.1007/978-3-030-02607-3_13
DOI: https://doi.org/10.1007/978-3-030-02607-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02606-6
Online ISBN: 978-3-030-02607-3
eBook Packages: Engineering, Engineering (R0)