CYS Short paper M3.7

Introduction

Validating the entry points of a website is essential, as invalidated input can result in a number of security threats. In this activity, you will analyze one such threat caused by improper input validation.

Instructions

Please address the following in a 1-2 page short paper. A minimum of 100 words for each answer is required.

1. State how the code below can be subjected to SQL Injection Attack to bypass the login mechanism.

try {  String sql = “SELECT * FROM employee WHERE username = ‘”  + username.text +  “‘ AND password = ‘” + pwd.text+ “‘”;  Statement stmt = con.createStatement();  ResultSet rs = stmt.executeQuery(sql); }

The set of statements above are used for authenticating the user during the login process.

2. Analyze the following SQL statement and state how the hacker can manipulate the given query to access confidential information from the website, such as users details (username, password, credit card details, etc.) from a simple select statement commonly used in the website search text box.

Search for products text box

Select * from items where item_name Like itemTextbox.text;

Evaluation

This assignment is due Sunday by 11:59 PM ET.  Short Papers are worth 35% of your final grade and are assessed using the Short Paper Rubric