Abstract
In today’s electronic world, where data is accessed through the internet, intranets, and extranets, the security of information is an important issue. Buffer overflow attacks on software and SQL injection attacks on web applications are the two main attacks explained in this paper, with the aim of helping the user understand how unintentional flaws are introduced, how these flaws lead to vulnerabilities, and how these vulnerabilities are exploited by attackers. The paper also shows a real-time attack example step by step, with screenshots.
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Khurana, M., Yadav, R., Kumari, M. (2018). Buffer Overflow and SQL Injection: To Remotely Attack and Access Information. In: Bokhari, M., Agrawal, N., Saini, D. (eds) Cyber Security. Advances in Intelligent Systems and Computing, vol 729. Springer, Singapore. https://doi.org/10.1007/978-981-10-8536-9_30
DOI: https://doi.org/10.1007/978-981-10-8536-9_30
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8535-2
Online ISBN: 978-981-10-8536-9
eBook Packages: Engineering, Engineering (R0)