SQL Injection Flashcards

1
Q

What is the SQL acronym short for?

A

Structured Query Language

Also known as See-qwel

2
Q

What is SQL used for?

A

It’s the way that a web application communicates with a database server to ask for information.

Note: This makes it a popular target for an attack.

3
Q

What is an SQL Injection?

A

An attack consisting of insertion or injection of an SQL query into a data input field from the client to the web app.

4
Q

What is an Injection attack and what are the 4 different code injection vectors?

Which is the most common?

A

The attacker inserts additional information or code through the data input field in a web application.

This can occur in SQL, HTML, XML, and LDAP.

Note: SQL is by far the most common.

5
Q

How is an SQL injection prevented?

A

Through proper input validation and using least privilege.

Note: If an exam question has anything referring to:

` OR 1=1, ` OR 100=100, etc.

this is an SQL injection.
