SQL injection

SQL injection, computer hacking technique.

SQL injection image

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Code injection
6 months ago

Code injection ... Injection flaws are most often found in SQL, LDAP, XPath, NoSQL queries, OS commands, XML parsers, SMTP headers, program arguments, etc. Injection flaws...

Stored procedure
5 months ago

Stored procedure ... directly have. Some protection from SQL injection attacks Stored procedures can be used to protect against injection attacks. Stored procedure parameters...

Prepared statement
4 months ago

Prepared statement ... efficiency and protection from SQL injection, but with some DBMSs such as MySQL prepared statements are also available using a SQL syntax for debugging purposes...

Dynamic application security testing
4 months ago

Dynamic application security testing ... vulnerabilities, such as input/output validation: (e.g. cross-site scripting and SQL injection), specific application problems and server configuration mistakes. In...

Web application firewall
1 month ago

Web application firewall ... attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration...

Injection
5 months ago

Injection ... injection, a software testing technique Network injection, an attack on access points that are exposed to non-filtered network traffic SQL injection,...

WordPress
5 months ago

WordPress ... that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems. In June 2013, it was...

Oracle Application Express
5 months ago

Oracle Application Express ... APEX applications are: SQL injection, Cross-site scripting (XSS), and Access Control. APEX applications inherently use PL/SQL constructs as the base server-side...

Taint checking
4 months ago

Taint checking ... associated with web sites which are attacked using techniques such as SQL injection or buffer overflow attack approaches. The concept behind taint checking...

Network security
5 months ago

Network security ... hopping Smurf attack Buffer overflow Heap overflow Format string attack SQL injection Phishing Cross-site scripting CSRF Cyber-attack Cloud computing security...

XML external entity attack
4 months ago
LDAP injection
4 months ago
Magic quotes
4 months ago
DSLReports
4 months ago
Vulnerability database
4 months ago
Drupal
6 months ago
Lansweeper
4 months ago
H2 (DBMS)
5 months ago
This article is copied from an article on Wikipedia® - the free encyclopedia created and edited by its online user community. This article is distributed under the terms of GNU Free Documentation License.