Assignment 13 – SQL Injection

Assignment 13A – Security

 

Objectives

Learn about database security

Assignment

You will be writing a paper for this assignment. The paper consists of 2 parts: one written as the hacker, the other as the defender.

Part 1 – Hacker: For the first part, you need to investigate and plan a SQL injection attack (a simple article on SQL injection is here – http://www.w3schools.com/sql/sql_injection.asp). The goal of the planned attack is to penetrate the database and get a list of all users and passwords. In your paper, as the hacker, you will describe the method and technique you will use.

Part 2 – Defender: You are expecting plenty of SQL injection attacks, and you will outline how you will defend against them. In addition, the hackers are quite likely to use any backdoor channel that they can find, so you need to ensure that these are hardened. Please document all these steps in your plan.

Information

Learn about SQL Injection here – http://www.w3schools.com/sql/sql_injection.asp

Estimated Completion Time

About 5-10 hours

Supporting Lectures

Topic – Security and SQL Injection

Questions and Answers

There are many more ways to hack a DB system than SQL injection. Even though the assignment does not require it, I recommend you at least watch the DB hardening lecture and get all the information from it.

External Resources

http://www.w3schools.com/sql/sql_injection.asp

Grading Criteria

A good hacker plan is worth 4

A solid plan of defense is worth 6