Proposing SQL Statement Coverage Metrics: Difference between revisions
Programsam (talk | contribs)
A ''SQL injection attack'' is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters. The lack of input validation that would prevent SQL injection attacks is known as a SQL injection vulnerability<sup>[2, 5, 6, 8, 9, 13-16]</sup>. Our example of this type of input validation vulnerability begins with the login form presented in Figure 3.
[[File:Sess-figure-3.png]]
<center>'''Figure 3. Example login form'''</center>
Usernames typically consist of alphanumeric characters, underscores, periods and dashes. Passwords typically consist of the same character ranges and additionally allow some other non-alphanumeric characters such as $, ^ or #. The authentication mechanism functions by means of a code segment resembling the one in Figure 4. Assume there exists some table maintaining a list of all usernames, passwords, and most likely some indication of the role of each unique username.
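The following is an added example, not code from the wiki page and not the Figure 4 segment the text refers to (which is not reproduced here). It shows the two shapes an authentication segment of this kind can take: one that splices the form fields into the statement text, so a special character in the input changes the statement's logical structure, and one that applies the two controls the text implies, an allow-list built from the character ranges described for usernames and passwords, and a parameterised query that keeps the input as data. The table name <code>users</code>, its columns, the sample accounts and the exact allow-list patterns are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample accounts (not from the original page). Passwords are kept
# in clear text only so the example stays focused on statement structure; a
# real system stores salted password hashes.
SAMPLE_USERS = [
    ("alice", "s3cret$", "admin"),
    ("bob.smith", "pa^ss#1", "user"),
]

# Assumed allow-lists derived from the character ranges the text describes:
# usernames are alphanumerics, underscores, periods and dashes; passwords add
# a few more non-alphanumerics such as $, ^ and #. Quotes, spaces, semicolons
# and comment markers are deliberately absent from both.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
PASSWORD_RE = re.compile(r"[A-Za-z0-9_.\-$^#!@%&*]{1,128}")


def make_db():
    """Build an in-memory SQLite table shaped like the one the text assumes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Authentication with a SQL injection vulnerability: the raw form input is
    spliced into the statement text, so special characters in the input become
    part of the statement's logical structure instead of staying data."""
    sql = ("SELECT role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Two independent controls: allow-list validation rejects characters the
    text says never appear in credentials, and a parameterised query keeps
    whatever does get through as a bound value rather than statement text."""
    if not USERNAME_RE.fullmatch(username) or not PASSWORD_RE.fullmatch(password):
        return None
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Return (vulnerable_result, hardened_result) for one malformed input.

    The constructed input contains a single quote that closes the string
    literal early; the vulnerable path returns a role without a valid
    credential, the hardened path rejects the input at validation."""
    conn = make_db()
    bad_input = "' OR '1'='1"
    return (login_vulnerable(conn, bad_input, bad_input),
            login_hardened(conn, bad_input, bad_input))


if __name__ == "__main__":
    print(demo())  # ('admin', None)
```

The allow-list alone is not the fix: it is a useful defence in depth and a cheap detection point (rejected logins with quote characters are worth logging), but the parameterised statement is what removes the vulnerability, because it holds regardless of which characters a future password policy decides to permit.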