Combating a Long-Standing Database Security Issue

Date

Author

By Marcia Faye
Akvile Kiskis

Akvile Kiskis (ITM ’19, M.A.S. CYF ’19), who was awarded a Foreign Affairs Information Technology Fellowship in 2017, has addressed a long-standing problem in database security in a paper published in the International Journal of Hyperconnectivity and the Internet of Things (Volume 3, Issue 2, 2019).

In “Why SQL Injection Attacks Are Still Plaguing Databases,” Kiskis summarizes what makes structured query language (SQL) injection attacks so difficult to eliminate. These attacks can allow an individual to gain complete access of a database that oftentimes contains sensitive information, placing consumers at high risk. In such an attack, malicious code is “injected” into the database, allowing for manipulation. SQL is the standard language for relational database management systems.   

Two key points of the paper are that injection attacks are considered to be the #1 web application security risk and that three categories of attacks exist, namely, first-order attacks, second-order attacks, and lateral attacks.