Module 15 - SQL Injection Flashcards

1
Q

_____ _________ is a technique used to take advantage of un-sanitized input vulnerabilities to pass SQL commands through a web application for executin by a backend database.

_____ _________ is a basic attack used to either gain unauthorized access to a database or retrieve information directly from the database.

A

SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Types of SQL Injection:

  • This technique involves joining a forged query to the original query.
  • Result of the forged query will be joined to the result of the original query, thereby, allowing it to obtain the values of fields of other tables.
    a. SQL Injection
    b. Union SQL Injection
    c. Blind SQL Injection
    d. Double Blind SQL Injection
A

b. Union SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Types of SQL Injection:

Is used when a web application is vulnerable to an SQL injection, but the results of the injection are not visible to the attacker.

a. SQL Injection
b. Union SQL Injection
c. Blind SQL Injection
d. Double Blind SQL Injection

A

c. Blind SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

SQL Injection Methodology:

Use the _____ operator to combine the result-set of two or more SELECT statements.

A

Union

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

SQL Injection Methodology:

It is an adaptive SQL injection testing technique used to discover coding errors by inputting massive amount of random data and observing the changes in the output.

A

Fuzz or Fuzzing Testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly