Friday, 10 June 2011

Data Validation Testing

ORACLE TESTING

Web based PL/SQL applications are enabled by the PL/SQL Gateway - it is the component that translates web requests into
database queries. Oracle has developed a number of software implementations ranging from the early web listener product
to the Apache mod_plsql module to the XML Database (XDB) web server. All have their own quirks and issues, each of
which will be thoroughly investigated in this paper. Products that use the PL/SQL Gateway include, but are not limited to,
the Oracle HTTP Server, eBusiness Suite, Portal, HTMLDB, WebDB and Oracle Application Server.




  • This phase is not used for akakom.ac.id because the web application does not use an Oracle database system.

MYSQL TESTING

SQL Injection vulnerabilities occur whenever input is used in the construction of a SQL query without being adequately
constrained or sanitized. The use of dynamic SQL (the construction of SQL queries by concatenation of strings) opens the
door to these vulnerabilities. SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL
code under the privileges of the user used to connect to the database.
MySQL server has a few particularities so that some exploits need to be specially customized for this application. That's the
subject of this section.

SQL SERVER TESTING

In this section some SQL Injection techniques that utilize specific features of Microsoft SQL Server will be discussed.

MS ACCESS TESTING

This article describes how to exploit SQL Injection vulnerabilities when the backend database is MS Access, in particular, the
article focuses on how to exploit Blind SQL Injection. After an initial introduction on the typical functions that are useful to
exploit a SQL Injection vulnerability, a method to exploit Blind SQL Injection will be discussed.

TESTING POSTGRESQL

In this paragraph, some SQL Injection techniques for PostgreSQL will be discussed. Keep in mind the following
characteristics:
• PHP Connector allows multiple statements to be executed by using ; as a statement separator
• SQL Statements can be truncated by appending the comment char: --.
• LIMIT and OFFSET can be used in a SELECT statement to retrieve a portion of the result set generated by the query
From here on, we assume that http://www.example.com/news.php?id=1 is vulnerable to SQL Injection attacks.
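The root cause described under MYSQL TESTING (a query built by string concatenation) and the comment-truncation behaviour listed above can be seen side by side with the fix in the following added example, which is not part of the original post. It assumes a hypothetical `news` table behind a `news.php?id=` style lookup and uses an in-memory SQLite database as a stand-in so it runs offline; the function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed, in-memory stand-in for the news table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [
            (1, "Public item", 1),
            (2, "Second public item", 1),
            (3, "Unpublished draft", 0),  # must never reach anonymous readers
        ],
    )
    return db


def fetch_news_concat(db, raw_id):
    """Dynamic SQL: the request value becomes part of the statement text."""
    sql = "SELECT title FROM news WHERE id = " + raw_id + " AND published = 1"
    return [row[0] for row in db.execute(sql)]


def fetch_news_bound(db, raw_id):
    """Validate the value, then pass it as a bound parameter."""
    # Data validation: the id must be a short run of ASCII decimal digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    # Parameter binding: the driver sends the value separately from the SQL
    # text, so it can never change the structure of the statement.
    sql = "SELECT title FROM news WHERE id = ? AND published = 1"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]


if __name__ == "__main__":
    db = make_db()
    constructed_input = "3 --"  # comment marker cuts off the published filter
    print("concatenated:", fetch_news_concat(db, constructed_input))
    try:
        print("bound:", fetch_news_bound(db, constructed_input))
    except ValueError as exc:
        print("bound: rejected,", exc)
    print("bound, id=3:", fetch_news_bound(db, "3"))
```

With the concatenated query the trailing comment marker removes the `published = 1` condition and the draft is returned; the validated, bound version rejects the same input and returns nothing for the plain id `3`.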
