Read the case example about Susan the SQL Programmer below:
“Susan was an SQL programmer working at a reputable company. Susan and her husband had been happily married for almost 10 years. Susan wanted to give a surprise gift to her husband on their 10th wedding anniversary. E-shopping4u.com was a well-known online shopping portal that was offering quality products with good discounts on gift items. It was also offering gift vouchers to customers who purchased their products. Susan decided to purchase the gift from E-shopping4u.com. She ordered a costly gift for her husband much in advance, as she wanted the gift to be delivered on the anniversary day. She eagerly waited for the gift.
But things did not work the way she wanted; the gift she had ordered was not delivered on the anniversary day. She wanted to know why the company failed to deliver. She searched the Web site for contact numbers. She tried to contact the management of the shopping portal but could not get any response. After many failed attempts, in frustration, she decided to take revenge on the shopping portal.
Susan searched the internet to find security vulnerabilities related to shopping portals. She searched various security-related Web sites and vulnerability databases on the Internet. Finally, she found an online forum where some user had posted the SQL vulnerabilities of E-shopping4u.com. Half of Susan’s work was done. Being an SQL programmer herself, she knew how the SQL vulnerabilities of a shopping portal could be exploited. She crafted an SQL statement and inserted that statement in place of a username in the portal’s user registration form. She was able to access the entire database of E-shopping4u.com. It was the best chance for her to take revenge on the shopping portal.”
Write a two to four (2-4) page paper in which you:
- Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
- Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.
- Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
- Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA format.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.