CEH


334 Chapter 14 ■ SQL Injection


All of these technologies are powerful and offer the ability to generate web applications
that are extremely versatile. Each also has vulnerabilities that can lead to its being
compromised, but this chapter is not about those. This chapter, like SQL injection itself,
targets the code that these technologies use to access a database as part of their
functioning. When this code is incorrectly crafted, it can be scrutinized, and the
vulnerabilities uncovered can then be exploited.

It may seem as if exploiting vulnerabilities in code is an easy thing to do,
but in reality it is nowhere near an easy task. In the case of SQL injection,
understanding the nuances and intricacies is key to taking advantage of
weaknesses and flaws in code.

Databases and Their Vulnerabilities


Since ultimately an attacker is going after the information contained in a database, you
must have a good understanding of databases. Databases store data such as configuration
information, application data, and other information of all shapes and sizes. An attacker
who can successfully locate a vulnerable database will find it a tempting target to pursue.
In today’s environment, databases form the heart of many web apps. Commonly used
applications such as Microsoft SharePoint and others use databases as the nucleus of their
structure. In fact, a majority of web apps would not function without a database as their
back-end.

A Look at Databases
For all of its complexities, a database can be described as simply a hierarchical, structured
format for storing information for later retrieval, modification, management, and other
purposes. The types of information that can be stored within this format vary, but the goal
is still the same: storage and retrieval.
Databases are typically categorized based on how they store their data. These types
include the following:

Relational Database: With a relational database, data can be organized and accessed in
various ways as appropriate for the situation. For example, a data set containing all the
customer orders in a table can be grouped by the zip code in which the transaction occurred,
by the sale price, by the buyer’s company name, and so on.

Distributed Database: A distributed database is designed to be dispersed or replicated
between different locations across a network.

Object-oriented Programming Database: An object-oriented programming database is
built around data-defined object classes and subclasses.

Within a database are several structures designed to organize and structure information.
Each structure allows the data to be easily managed, queried, and retrieved: