Description:
The main objective of the thesis is to create a list of SQL injection prevention tips for web applications. To achieve this, the most popular RDBMSs and the parts of them that are vulnerable to SQL injection attacks are examined. Error-based, union-based, out-of-band and blind SQL injection attacks are analyzed, together with the preconditions that lead to them. The "Sqlmap", "jSQL Injection" and "BBQSQL" SQL injection tools are compared, and the advantages and disadvantages of each tool are identified against the "OWASP DVWA", "OWASP Mutillidae 2" and "OWASP Juice Shop" web applications. After the investigation, a list of recommendations for SQL injection prevention is provided.