Term 3 Week 4 Lesson 1

The document discusses a database input error encountered by a user during account registration, highlighting potential SQL injection vulnerabilities and improper input validation. It outlines the risks associated with such vulnerabilities, including unauthorized database access and negative impacts on user experience. Additionally, it explains SQL commands used for data manipulation and the severe consequences of SQL injection attacks on confidentiality, authentication, authorization, and integrity.

Uploaded by

ayaan.saleheen

Activity 1

1. A database input error message was logged immediately after a user named Mike O’Brien
registered a new account on an online shopping site.

Relevant Facts:

- The user was required to provide a username, address, first name, and last name.

- The error message occurred right after the user submitted their registration details.

2. Potential Issues:

- SQL Injection Vulnerability: The apostrophe in "O’Brien" could have caused a syntax error in
an SQL query, indicating the database might not be properly sanitizing user inputs. This is a
common sign of an SQL injection vulnerability, which could be exploited by attackers to
manipulate the database.

- Improper Input Validation: The error suggests that the database might not be handling
special characters correctly, which can lead to broader security issues, such as improper data
storage or display.

- User Experience Impact: If the input error prevents users with certain characters in their
names from registering, it could lead to a loss of potential customers and harm the site’s
reputation.

3. Possible Exploits:

- An attacker could take advantage of the input validation weakness to inject malicious
SQL code, potentially gaining unauthorized access to the database.

- They might also try other special characters or structured queries to further probe
the system's defenses, identifying additional vulnerabilities.


Activity 2

SQL allows you to store data using the INSERT statement, manipulate it with UPDATE and
DELETE, and retrieve it using SELECT. You can filter and sort data with WHERE and ORDER
BY, and perform more complex queries with JOIN and aggregation functions like GROUP BY.
Additionally, SQL helps manage database structures with CREATE TABLE and ALTER TABLE.

Activity 3

SQL commands are used in web page forms to collect and process user input by inserting the input
data into a database using INSERT statements and retrieving or updating data with SELECT and
UPDATE statements based on user interactions. When a user submits a form, the backend processes
the input and executes the relevant SQL commands to store or manipulate the data in the database.
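The registration case from Activity 1, run through a form backend of the kind described here, as an added example that is not part of the original document: the same INSERT built by string concatenation (which fails on the surname) and with bound parameters (which stores it). The table schema, function names and sample values are assumptions constructed for illustration, and the surname uses a plain ASCII apostrophe.

```python
import sqlite3

def make_db():
    """In-memory database with a constructed 'users' table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT, address TEXT, first_name TEXT, last_name TEXT)"
    )
    return db

def register_concatenated(db, username, address, first_name, last_name):
    """Weak form: input is pasted into the SQL text, so a quote ends the string literal."""
    sql = (
        "INSERT INTO users (username, address, first_name, last_name) "
        f"VALUES ('{username}', '{address}', '{first_name}', '{last_name}')"
    )
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # This is the kind of database input error the site would log.
        return f"database error: {exc}"

def register_parameterized(db, username, address, first_name, last_name):
    """Corrected form: placeholders keep the input as data, never as SQL syntax."""
    db.execute(
        "INSERT INTO users (username, address, first_name, last_name) VALUES (?, ?, ?, ?)",
        (username, address, first_name, last_name),
    )
    return "ok"

def stored_last_names(db):
    """Return the surnames currently stored, in insertion order."""
    return [row[0] for row in db.execute("SELECT last_name FROM users ORDER BY rowid")]

# Constructed sample input matching the scenario in Activity 1.
SAMPLE = ("mobrien", "1 Example Street", "Mike", "O'Brien")

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", register_concatenated(db, *SAMPLE))
    print("parameterized:", register_parameterized(db, *SAMPLE))
    print("stored       :", stored_last_names(db))
```

The concatenated version works for names without an apostrophe, which is why this class of defect often goes unnoticed until a legitimate user like this one registers.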

Activity 4

An SQL injection attack can severely impact:

- Confidentiality: Attackers can access and expose sensitive data, such as personal information
or financial records.

- Authentication: Hackers can bypass login systems, gaining unauthorized access to user
accounts.

- Authorization: Attackers might escalate privileges, allowing them to perform actions beyond
their permitted scope.

- Integrity: Malicious actors can alter or delete data, leading to corrupted or compromised
database records.
