The purpose of this homework is to investigate a current SQL injection attack. Each student needs to identify a specific SQL injection attack. Describe the targeted business (website, regular business, social media platform, etc.). What data breaches resulted from the attack? How can such an attack be prevented?
Template for research paper analysis
Expected number of pages: 4 – 5
Complete reference of the SQL injection attack that you have selected for analysis and presentation
Abstract
• Describes the SQL injection attack, the method used in the attack, the results of the attack, and the lessons learned from the attack.
Introduction
• Describe the SQL injection attack
• Describe the objectives of the SQL injection attack
• Describe the method used in the attack
Background
• Describe the history of the SQL injection attack
• Describe other similar SQL injection attacks
• Describe additional references that you have consulted to complete the current assignment
The Attack
• Describe the technique used in the attack
• Describe the method used to discover the attack
• Any limitations and/or future work
• Opinion on the attack, the technique used in the attack, and recommendations to prevent such an attack
Grading Indicators            Marks
Content depth and analysis    60
Content organization          10
Language accuracy             10
Presentation                  15
Language accuracy             05
On-time submission            y/n
In October 2015, an SQL injection attack was used to steal the personal details of 156,959 customers from British telecommunications company TalkTalk’s servers, exploiting a vulnerability in a legacy web portal.
https://web.archive.org/web/20161024090111/https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/10/talktalk-gets-record-400-000-fine-for-failing-to-prevent-october-2015-attack/
https://www.theguardian.com/business/2016/oct/05/talktalk-hit-with-record-400k-fine-over-cyber-attack
https://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/
https://future.internetsociety.org/2016/casestudy/talktalk/index.html
https://cyberstart.com/blog/how-an-outdated-database-led-to-a-data-breach-unpicking-the-talktalk-cyber-attack/
https://www.bankinfosecurity.com/talktalk-slammed-record-fine-over-breach-a-9436
https://publications.parliament.uk/pa/cm201617/cmselect/cmcumeds/148/14805.htm
https://ico.org.uk/about-the-ico/news-and-events/talktalk-cyber-attack-how-the-ico-investigation-unfolded/
https://www.engadget.com/2015-10-23-talktalk-hack-explainer.html
https://www.bbc.com/news/business-37565367
https://www.theregister.com/2018/11/20/talktalk_pair_jailed/
Two Hackers Jailed for 2015 Cyber Attack Against UK ISP TalkTalk
https://eprints.whiterose.ac.uk/148986/1/Porcedda_Wall_IEEE_Cascade_18-04-19_6pm-FINAL.pdf
https://www.wired.co.uk/article/17-year-old-boy-sentenced-talk-talk-hack