1-Table of Contents Flashcards
Introduction
What is SQL Injection?
A) A method for improving database performance
B) A technique for securing databases
C) A type of attack that exploits poor application security to manipulate database queries
D) A database management system
C) A type of attack that exploits poor application security to manipulate database queries
Explanation: SQL injection is a type of attack where the attacker manipulates an application’s database query by injecting malicious SQL statements, altering the intended function of the database, often to access unauthorized data.
Which of these is a common method to prevent SQL Injection?
A) Use of simple passwords
B) Limiting database privileges
C) Keeping software outdated
D) Ignoring user input validation
B) Limiting database privileges
Explanation: Limiting database privileges can help minimize the impact of a SQL injection attack by restricting what the attacker can do if they manage to inject malicious SQL.
How can SQL Injection typically be identified?
A) By monitoring database performance
B) By reviewing and sanitizing user inputs
C) By increasing transaction speeds
D) By avoiding error messages
B) By reviewing and sanitizing user inputs
Explanation: Reviewing and sanitizing user inputs is critical for identifying potential SQL injections, as this involves checking the input for malicious patterns or characters that could alter the structure of SQL queries.
What is the result of a successful SQL Injection attack?
A) Faster database response
B) Increased database security
C) Unauthorized access to or manipulation of database data
D) Improved user experience
C) Unauthorized access to or manipulation of database data
Explanation: A successful SQL injection can lead to unauthorized access to or manipulation of database data, allowing attackers to retrieve, alter, or delete data.
What does a ‘Union Query’ SQL injection involve?
A) Decreasing database table counts
B) Merging the results of two SQL queries into a single result
C) Separating SQL queries
D) Encrypting data
B) Merging the results of two SQL queries into a single result
Explanation: A ‘Union Query’ SQL injection combines the results of two distinct SQL queries with a UNION operator, allowing an attacker to retrieve additional information alongside the query's intended result.
Which of these is NOT a direct impact of a SQL Injection?
A) Data theft
B) Database corruption
C) Enhanced system security
D) Loss of data integrity
C) Enhanced system security
Explanation: Enhanced system security is not a result of SQL injections; rather, SQL injections compromise system security by exploiting vulnerabilities.
In the context of SQL Injection, what is the purpose of using comments?
A) To document the code
B) To bypass filters or security controls
C) To format the database
D) To encrypt the data
B) To bypass filters or security controls
Explanation: In SQL injection attacks, comments are often used to bypass filters or security controls by making parts of the SQL statement invisible to security mechanisms but still executable by the database.
What role does input sanitization play in preventing SQL Injections?
A) It encrypts sensitive data
B) It removes or encodes illegal or potentially harmful characters in inputs
C) It increases the speed of database queries
D) It makes the database read-only
B) It removes or encodes illegal or potentially harmful characters in inputs
Explanation: Input sanitization involves removing or encoding illegal or potentially harmful characters from user inputs, which prevents these inputs from altering the SQL commands.
What is the significance of ‘stacked queries’ in SQL Injection?
A) They reduce the amount of data returned
B) They allow the execution of multiple queries in a single SQL statement
C) They encrypt the query results
D) They optimize the database
B) They allow the execution of multiple queries in a single SQL statement
Explanation: Stacked queries allow an attacker to execute multiple SQL commands within a single SQL statement, separated by semicolons, potentially causing multiple types of harm.
Which approach can help mitigate the risk of SQL Injection?
A) Relying solely on client-side validation
B) Using parameterized queries
C) Storing data in plaintext
D) Disabling error messages
B) Using parameterized queries
Explanation: Using parameterized queries is a powerful method to prevent SQL Injection because it separates SQL logic from the data, thus preventing the execution of unintended SQL commands.