
Connection String Parameter Pollution Attacks

  • Conference paper
Web Application Security (IBWAS 2009)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 72)

Abstract

In 2007, the classification of the ten most critical vulnerabilities for the security of a system established that code injection attacks ranked second, behind XSS attacks. Currently, code injection attacks are placed first in this ranking. In fact, the most critical attacks are those that combine XSS techniques to access systems and code injection techniques to access the information. The potential damage associated with this type of threat, the total absence of background, and the fact that the solution to mitigate this vulnerability must be implemented by systems administrators and database vendors justify an in-depth analysis to estimate all the possible ways of implementing this attack technique.




© 2010 Springer-Verlag Berlin Heidelberg


Cite this paper

Alonso, C., Fernandez, M., Martín, A., Guzmán, A. (2010). Connection String Parameter Pollution Attacks. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16120-9_16


  • DOI: https://doi.org/10.1007/978-3-642-16120-9_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16119-3

  • Online ISBN: 978-3-642-16120-9

  • eBook Packages: Computer Science (R0)
