1 Assignment 02 PMIS 2011 – SQL injection

Name : Gopal Benakanawari

Roll No : 10IS12F

1. Basic Study on “what is SQL injection?” What are the different ways to do it?
SQL injection is technique of injecting a code

2. List out the basic causes for SQL injection?

Fill Answer

3. Find some sites of importance which are vulnerable to this attack? Genuine and original listing of
sites will fetch more points.

Fill Answer

4. What are the different entry points for SQL injection?

Fill Answer

5. Do you think just skipping of single quotes ( ‘ ) will prevent SQL injection completely? Give reasons.

Fill Answer

Department of Computer Science & Engineering, NITK, Surathkal.

2 Assignment 02 PMIS 2011 – SQL injection

6. Do you think client side scripting can prevent SQL injection? Give reasons?

Fill Answer

7. Can we do database fingerprinting using SQL injection? Explain briefly.

Fill Answer

8. List some tools to do automated SQL injection Testing. Make criteria and evaluate the tools based
on those criteria. Explain which tool is best for which situation.

Fill Answer

9. List some Developer centric and Maintenance centric solutions against SQL injection?

Fill Answer

10. Can just runtime monitoring methods (like IDS based solution) prevent SQL injection? What do you
think?

Fill Answer

11. Do you think that SQL injection attack can be prevented at an accuracy of 100%? Give reasons.

Fill Answer

12. Anything extra you may need to express on SQL injection. You can list out any interesting findings
here.

Department of Computer Science & Engineering, NITK, Surathkal.

3 Assignment 02 PMIS 2011 – SQL injection

Department of Computer Science & Engineering, NITK, Surathkal.