Sins of SQL Injection

Question 1

What is SQL injection?

Answer 1

SQL injection occurs when an attacker provides a database application with malformed data that is used to build a SQL statement using string concatenation.

Question 2

What does SQL stand for?

Answer 2

Structured Query Language

Question 3

What is an example of malformed data in SQL injection?

Answer 3

Expecting a number for a calculation but receiving an alphabetical character or sentence instead.

Question 4

What is string concatenation?

Answer 4

String concatenation is the process of adding characters, words, or sentences together to form a new string.

Question 5

Provide an example of a SQL statement vulnerable to injection.

Answer 5

Select creditcard_no from customer where customer_id = ‘+ id

Question 6

How can an attacker exploit this vulnerability?

Answer 6

By providing an input such as ‘1 or 2 > 1’ which retrieves all credit card information from the database.

Question 7

What are two methods to prevent SQL injection?

Answer 7

Validation and Sanitization.

Question 8

How does validation help prevent SQL injection?

Answer 8

Validation ensures the input is of the expected type, such as checking if id is a number.

Question 9

What is the purpose of sanitization in preventing SQL injection?

Answer 9

Sanitization removes illegal characters from the input to ensure it is safe.

Question 10

What are prepared statements and how do they help prevent SQL injection?

Answer 10

Prepared statements use placeholders for inputs and ensure that inputs are treated as data, not executable code.

Question 11

Why is it important to understand the database you are using in the context of SQL injection?

Answer 11

To know if it supports stored procedures, the comment operator, and if it allows attackers to call extended functionality.

Question 12

What should you use to build SQL statements securely?

Answer 12

Parameterized queries, also known as prepared statements, placeholders, or parameter binding.

Question 13

Where should database connection information be stored?

Answer 13

In a location outside the application, such as a protected configuration file or the Windows registry.

Question 14

Why should you encrypt sensitive database data?

Answer 14

To protect it from unauthorized access and ensure data privacy.

Question 15

Why should you avoid simply stripping out “bad words” from input?

Answer 15

Because there are many variants and escapes that may not be detected, and it can sometimes leave remnants of bad words.

Question 16

What are the risks of using string concatenation to build SQL statements?

Answer 16

It is prone to SQL injection attacks if inputs are not properly sanitized.

Question 17

What is a dangerous practice regarding database account privileges?

Answer 17

Connecting to the database as a highly privileged account such as sa or root.

Question 18

Where should you avoid storing database configuration information?

Answer 18

In the web root.

Question 19

What is a secure way to manage user access to database objects?

Answer 19

Deny direct access to underlying database objects and grant access only to stored procedures and views.

Question 20

What should be done instead of using untrusted parameters in stored procedures?

Answer 20

Use parameterized queries and validate input for trustworthiness.