PROJECT: DATABASE SECURITY

Welcome to the Database Security project. This hands-on project is designed to help you understand how real-world data breaches can occur and what strategies can be used to protect against them.


Learning Goals

In this project, you’ll explore two significant types of database vulnerabilities and how attackers exploit them:

  • Inference Attacks: Learn how sensitive information can be uncovered by analyzing and correlating seemingly harmless data. Data mining often uses this technique to “connect the dots” and extract private details without direct access.

  • SQL Injection (SQLi): Understand how attackers inject malicious SQL code through input fields to manipulate databases, access unauthorized data, or execute harmful actions.

Topics Covered

  • Basic T-SQL queries
  • Basic JavaScript
  • Database inference techniques
  • SQL injection attacks

Final Deliverables

You will submit a single file named project_dbsec.json to Gradescope. A template is available at: /home/dbsec/Desktop/project_dbsec.json

See the Submission Details page for formatting and content guidelines.


Important Reference Material

Valuable Information - Database Security Prerequisites

NOTE: The prerequisite page contains vital information that is not provided anywhere else!

Submission

Virtual Machine

Supported

Not Supported

  • Apple M-series (ARM-based) devices are not supported.
  • Instructions are provided on how to attempt to get the VM to run on a Mac, but again, this is not supported. Note: You will need to SSH into the VM if you choose to attempt this.
  • Extensions will not be granted for related issues.

This project uses Microsoft SQL Server Developer Edition, which runs on Linux inside the provided VM. The DBSec project is in the master VM, and the credentials for the Linux user will be provided on the project release in Canvas.

Getting Started

