SQL Injection Flashcards
What is the SQL acronym short for?
Structured Query Language
Also known as See-qwel
What is SQL used for?
It’s the way that a web application communicates with a database server to ask for information.
Note: This makes it a popular target for an attack.
What is an SQL Injection?
An attack consisting of the insertion or injection of an SQL query through a data input field, sent from the client to the web app.
What is an Injection attack and what are the 4 different code injection vectors?
Which is the most common?
The attacker inserts additional information or code through a data input field in a web application.
This can occur in SQL, HTML, XML, and LDAP.
Note: SQL is by far the most common.
How is an SQL injection prevented?
Through proper input validation and using least privilege.
Note: If an exam question contains anything like:
` OR 1=1, ` OR 100=100, etc.
it is an SQL injection.