Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Web Application Security > SQL Injection > Flashcards

SQL Injection Flashcards

1
Q

What’s SQL injection?

A

type of injection attack that targets web applications that use SQL (Structured Query Language) to interact with databases

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When does SQL injection occur?

A

occurs when an attacker is able to manipulate or inject malicious SQL code into a web application’s database query, which is then executed by the database server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What’s the attack scenario of SQL injection?

A
  1. attacker identifies a vulnerable web application that does not properly validate or sanitize user-supplied input before incorporating it into SQL queries
  2. attacker exploits this vulnerability by injecting specially crafted input to manipulate the intended SQL query
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the common targets of SQL injection?

A

various parts of a web application, such as user input fields (e.g., login forms, search boxes, registration forms), URL parameters, or cookies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the different SQL injection attack techniques?

A
  • Union-Based SQL Injection
    • attacker leverages the UNION operator to combine the results of a maliciously crafted query with the original query, allowing unauthorized access to data
  • Boolean-Based SQL Injection
    • attacker uses conditional statements to infer information by manipulating the logic of the SQL query
  • Error-Based SQL Injection
    • attacker exploits error messages or error handling mechanisms to extract information about the database structure or contents
  • Time-Based SQL Injection
    • attacker introduces time delays in SQL queries to infer information based on the response times
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the potential consequences of SQL injection?

A
  • unauthorized data disclosure, modification, or deletion
  • attackers can bypass authentication mechanisms, retrieve sensitive data, or execute arbitrary SQL commands on the database server
  • in some cases, an attacker can escalate privileges, gain administrative access, or execute operating system commands through the database
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a telltale sign that attacks is a SQL injection attack and why?

A
  • single quotation mark in the input field
  • quotation mark is used to escape outside the SQL code’s input field
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What mitigation techniques are used to prevent SQL injection attacks. Name 4

A
  1. stored procedures
  2. escaping user input
  3. parameterized queries
  4. input validation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe stored procedures

A

limit what can be done via the database server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Describe escaping user input

A

makes dangerous characters less likely to be a problem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Describe parameterized queries

A

limit what can be sent in a query

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the character most commonly used in SQL injection attacks?

A

single quote character (‘) is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Web Application Security (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions