Lecture 3 Flashcards

SQL Injections

1
Q

What is an “SQL Injection”? (!!)

A

Entering SQL code through the user interface so that it is executed against the database, directly manipulating it

2
Q

List and explain the 3 common strategies for SQL injections: (!!)

A

- Single channel: using the same channel to both inject the code and receive the results.

- Multichannel: using one channel to inject the code and receiving the results through a different channel.

- Observational: observing the returned behavior without the intent of getting data from the database. Can be used to plan a future attack.

3
Q

Name and explain 4 good practices that combat SQL injections: (!!)

A

1- Monitoring and tracking: tracking errors and resource usage can show indications of attacks.

2- Direct testing: testing SQL injections to determine the risk and how much damage an intruder can do.

3- Sanitizing data: blocking certain keywords and symbols that are used in SQL, i.e., OR, AND, “”, etc.

4- Generic error messages: gives the attacker minimal information on the type of error or where it occurred.
