Web Security - Part 1: SQL Injection

  • by Le Tuan Khoi

SQL Injection: If you are vulnerable to SQL Injection, attackers can run arbitrary commands against your database.

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1][2] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, disclose all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
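
An added example (not from the original article) that puts the flaw described above next to its fix, using Python's built-in sqlite3 module. The `users` table, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def find_user_vulnerable(db, name):
    # BEFORE: the input is pasted into the statement text, so a quote
    # character in `name` ends the string literal and the remainder of
    # the input is parsed as SQL instead of being compared as data.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_safe(db, name):
    # AFTER: the statement text is fixed; the driver binds `name` as a
    # value, so quotes inside it never change the query structure.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def get_user_by_id_safe(db, raw_id):
    # Strong typing: reject anything that is not an integer, then bind it.
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", find_user_vulnerable(db, crafted))  # every row
    print("parameterized:", find_user_safe(db, crafted))       # no rows
    print("typed id:", get_user_by_id_safe(db, "2"))
```
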

References: https://www.hacksplaining.com/exercises/sql-injection#/start

Video: https://www.youtube.com/watch?v=6i1CWIaTH60&t=137s

Le Tuan Khoi, July 11, 2024