Why SQL injection matters
- Top security threat
- Easy to discover
- Easy to exploit
- Severe impact (it can even destroy a database or expose sensitive information)
Executing a SQL injection attack
- The intruder sends a request to a website, with the injected input carried as part of a query or command
- The query is sent to the web server
- The query passes through the firewall and hits the database
- Confidential data is retrieved from the server and sent back to the intruder in the response
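Example of SQL injection
SQL injection based on 1=1, which is always true:
SELECT * FROM Users WHERE UserId = 10 or 1=1
Because 1=1 is true for every row, the WHERE clause no longer filters on UserId and the query returns the whole Users table.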
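The 1=1 query above, shown next to its fix, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 module and a constructed in-memory Users table; the function names and sample rows are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(10, "alice"), (11, "bob"), (12, "carol")],
    )
    return db


def lookup_concatenated(db, user_id):
    # Vulnerable: the input is pasted into the SQL text, so the string
    # "10 or 1=1" is parsed as part of the WHERE clause.
    query = "SELECT * FROM Users WHERE UserId = " + user_id
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_id):
    # Fixed: the input is bound as a value. The database compares the
    # whole string to UserId and never parses it as SQL.
    query = "SELECT * FROM Users WHERE UserId = ?"
    return db.execute(query, (user_id,)).fetchall()


def lookup_validated(db, user_id):
    # Defense in depth: accept only digits, then bind the integer.
    if not user_id.isdigit():
        raise ValueError("UserId must be a number")
    return lookup_parameterized(db, int(user_id))


if __name__ == "__main__":
    db = make_db()
    for value in ("10", "10 or 1=1"):
        print(repr(value))
        print("  concatenated: ", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the input 10 both lookups return one row; with 10 or 1=1 the concatenated query returns every user while the parameterized one returns none.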