Lec 10: Web Security I: SQL injection Flashcards
How do websites work?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/170/564/085/a_image_thumb.png?1449010179)
(T/F): Most database and web scripting languages are untyped
True
How can attackers exploit unforeseen user input?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/170/564/264/a_image_thumb.png?1449450278)
What is SQL and what is it used for? What are the data types normally used?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/246/705/a_image_thumb.png?1449450597)
How does SQL get used on the Web?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/247/666/a_image_thumb.png?1449450630)
What is the problem with this code?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/247/889/q_image_thumb.png?1449450743)
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/247/889/a_image_thumb.png?1449450766)
What is an input validation vulnerability and how does it work?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/248/486/a_image_thumb.png?1449450824)
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/248/602/q_image_thumb.png?1449451153)
Gives back everything on user savage
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/249/470/q_image_thumb.png?1449451211)
Comments out code after query
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/249/544/q_image_thumb.png?1449451293)
Always true, so it gives you any info you want
What are the different parts of HTTP in a URL?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/249/703/a_image_thumb.png?1449451407)
What is URL encoding?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/249/937/a_image_thumb.png?1449451447)
Why is URL encoding/user input into SQL a problem for more than authentication?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/250/018/a_image_thumb.png?1449452182)
What is the problem with this?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/251/275/q_image_thumb.png?1449452302)
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/251/275/a_image_thumb.png?1449452360)
What can you do to protect against unvalidated input issues?
![](https://s3.amazonaws.com/brainscape-prod/system/cm/171/251/431/a_image_thumb.png?1449452405)