2.4 - SQL Injection Flashcards
1
Q
Code injection
A
- Code injection
– Adding your own information into a data stream
- Enabled because of bad programming
– The application should properly handle input and output
- So many different data types
– HTML, SQL, XML, LDAP, etc.
2
Q
SQL injection
A
- SQL - Structured Query Language
– The most common relational database management system language
- SQL Injection
– Modify SQL requests (Your application shouldn’t allow this)
- If you can manipulate the database, then you control the application
– A significant vulnerability