Sign In
Not register? Register Now!
Essay Available:
Pages:
7 pages/≈1925 words
Sources:
6 Sources
Style:
APA
Subject:
Business & Marketing
Type:
Essay
Language:
English (U.S.)
Document:
MS Word
Date:
Total cost:
$ 34.02
Topic:

Structured Query Language (SQL) Injection and its Background

Essay Instructions:

The purpose of this paper is to profile type of cyber threat to an organization or industry in order to better understand how and why it is a threat and what a given organization can do to remediate such threats. You may choose to profile any type of cyber threat, even one covered in this course. However, you are expected to review and cite supporting materials outside of the content provided by the instructor of this course.
The following are the tasks that students are expected to accomplish within the completion of this project:
Tasks:
5 major tasks to be accomplished:
1. Students are to select a cyber threat of their own choosing - Do your research and be specific. For example, Phishing is a broad term for numerous types of similar threats. Do not provide a broad overview of a broadly defined threat type!
2. For the cyber threat selected, the following information should be researched:
a. Cyber Threat Background – What is it? Where did it come from? How prevalent is it at present? Ensure the reader is familiar with your chosen topic.
b. Discussion of how an organization can be susceptible to this type of threat. What kind of vulnerabilities does it exploit? Who is most at risk? Why?
c. Many organizations may be at risk to this type of threat. Discuss a generic (or specific if you would like to detail one particular industry type) mitigation strategy that can be used to quickly identify and stop an attack of this type. Be specific!
3. Based on this research, students should develop a 5-10 page double-spaced paper profiling their chosen cyber threat type for submission drawing on extant literature (News, blogs, academic papers, company websites etc.)
4. Include the following in the final submission:
a. 5-10 page double-spaced paper – References and photos/charts/graphs do not count toward the page limit
b. Include both in-text citations and references list at the end of the paper – APA/MLA or Chicago style formatting is acceptable
c. Professional Cover Page
d. Professional formatting – Proper Sentences, paragraphs, grammar, spelling etc. – The entire paper should not consist of bullet points
5. Submit the final draft by the assigned due date listed on Canvas

Essay Sample Content Preview:

SQL Injection
Student’s Name
Institution
Course Number and Name
Instructor’s Name
Date
SQL Injection
Introduction
The advancement of technology has brought it with itself numerous cyber risks that threaten the operations of modern companies. Having a comprehensive defense mechanism is an essential practice for modern firms given that the collection and storage of data, some of which may be personal, is part of the business. Given that the data stored by such companies are of value, it can be vulnerable to numerous forms of cyberattacks. It is therefore essential that an organization is not only aware of all the cyber threats it faces but it also puts in place relevant defense mechanisms. One type of cyber threat that an organization can be susceptible to is Structured Query Language (SQL) injection, which is characterized by attackers inserting malicious SQL statements in databases in order to exploit and take advantage of the vulnerabilities that exist in a website (Malwarebytes, n.d.). This paper examines the background of the attack, how an organization can be susceptible to it, and mitigation strategies that can be employed to stop it.
Background of SQL Injection
SQL injection is a type of cyber-attack where hackers enter predefined commands into web forms such as the log-in field and search field on vulnerable websites (Malwarebytes, n.d.). When an SQL injection becomes successful, the attacker can access sensitive data from the website, update, insert, or delete database data, perform administrative tasks, and even recover the content of files present in a database management system (Nicholson, 2017). SQL injection has quite an extensive history. It is important to recognize first that while the SQL programming language was created in the early 1970s, it is still being used presently in the management of databases online. While SQL came to light in the 1970s, SQL injection attack was first documented by a hacker and cyber security expert, Jeff Forristal, in 1998, in an article in a digital periodical called Phrack (Malwarebytes, n.d.). In the article, Forristal described how a person with basic coding skills can set up malicious commands into SQL commands that are legitimate and retrieve information from the database of a vulnerable website. When the author informed Microsoft how the vulnerability could affect the company’s product, the company did not see it as a problem. As pointed out by Nicholson (2017), the article by Forristal became the starting point for research surrounding SQL injection. With Microsoft denying the vulnerability of its product, writing under the name Rainforest Puppy, Forristal sought to prove the company wrong and demonstrated in an article how he circumvented barriers to SQL injection. As noted by Nicholson (2017), the article by Rainforest Puppy was the first to demonstrate a successful attack through SQL injection and it showed that it was quite easy to bypass the security features of databases.
While SQL injection attack came to light in 1998, it still poses a major threat to organizations and many companies in the recent past have been its victims. As reported by Cox (2015), SQL injection was used in 2015 to attack TalkTalk and gain access to the pe...
Updated on
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Order

You Might Also Like Other Topics Related to language essays:

HIRE A WRITER FROM $11.95 / PAGE
ORDER WITH 15% DISCOUNT!
Order Now