Assignment 13A - Security
Objectives
Learn about database security
Assignment
You will be doing a paper for this assignment. The paper consists of 2 parts; one is the hacker, the other is the defender.
Part 1 - Hacker: For the first part you need to investigate and plan a SQL injection attack. A simple article on SQL injection is here - http://www.w3schools.com/sql/sql_injection.asp The goal of a planned attack is to penetrate the database and get a list of all users and passwords. In your paper as the hacker you will describe the method and technique you will use.
Part 2 - Defender: You are expecting plenty of SQL injection attacks and you will outline how you will defend these attacks. In addition the hackers are quite likely to use any backdoor channel that they can find. You need to ensure that these are hardened. Please document all these steps in your plan.
Information
Learn about SQL Injection here - http://www.w3schools.com/sql/sql_injection.asp
Estimated Completion Time
About 5-10 hours
Supporting Lectures
Topic - Security and SQL Injection
Questions and Answers
There are a lot more ways to hack a DB system other than SQL Injection. Even though the assignment does not require it, I recommend you at least watch and get all the information from the DB hardening lecture.
External Resources
http://www.w3schools.com/sql/sql_injection.asp
Grading Criteria
A good hacker plan is worth 4
A solid plan of defense is worth 6
Comments (0)
You don't have permission to comment on this page.