2.4 - SQL Injection Flashcards

1
Q

Code injection

A
  • Code injection
    – Adding your own information into a data stream
  • Enabled because of bad programming
    – The application should properly handle input and output
  • So many different data types
    – HTML, SQL, XML, LDAP, etc.
2
Q

SQL injection

A
  • SQL - Structured Query Language
    – The most common relational database management system language
  • SQL Injection
    – Modify SQL requests (Your application shouldn’t allow this)
  • If you can manipulate the database, then you control the application
    – A significant vulnerability