SQL INJECTION FUNDAMENTALS 1-Table of Contents Flashcards
1-Table of Contents
What is the primary function of a database in a web application?
- A. Store static HTML pages
- B. Store and retrieve data related to the web application
- C. Host the web application
- D. Manage user sessions
Correct Answer: B. Store and retrieve data related to the web application
Explanation: Databases in web applications are used to store and retrieve various types of data, including web content and user information.
What is SQL injection (SQLi)?
- A. A method to enhance database performance
- B. An attack that allows users to execute unintended SQL queries
- C. A technique for data backup
- D. A process to encrypt database queries
Correct Answer: B. An attack that allows users to execute unintended SQL queries
Explanation: SQL injection is a security vulnerability that allows attackers to interfere with the queries an application makes to its database.
Which of the following is NOT a type of injection vulnerability?
- A. HTTP injection
- B. Code injection
- C. Command injection
- D. Data injection
Correct Answer: D. Data injection
Explanation: Data injection is not commonly listed as a type of injection vulnerability, unlike HTTP, code, and command injection.
What is a common method attackers use to exploit SQL injection vulnerabilities?
- A. Encrypting SQL queries
- B. Injecting a single quote (‘)
- C. Using secure coding practices
- D. Validating user input
Correct Answer: B. Injecting a single quote (‘)
Explanation: Attackers often use single quotes to manipulate the SQL query structure.
What can be a significant impact of a successful SQL injection attack?
- A. Improved website performance
- B. Enhanced user experience
- C. Data breaches and unauthorized access
- D. Better database organization
Correct Answer: C. Data breaches and unauthorized access
Explanation: SQL injections can lead to unauthorized access to sensitive data and potential data breaches.
How can SQL injection attacks be prevented?
- A. By using weak passwords
- B. By allowing direct database access
- C. Through user input sanitization and validation
- D. By disabling database backups
Correct Answer: C. Through user input sanitization and validation
Explanation: Properly sanitizing and validating user inputs can prevent SQL injection vulnerabilities.
What is the purpose of the UNION clause in SQL injection?
- A. To enhance database security
- B. To combine the results of multiple queries
- C. To encrypt database tables
- D. To delete database records
Correct Answer: B. To combine the results of multiple queries
Explanation: The UNION clause allows an attacker to combine results from multiple queries in SQL injection.
What type of information can be retrieved through SQL injection?
- A. Publicly available information
- B. Sensitive information like user logins and credit card details
- C. HTML content
- D. CSS styles
Correct Answer: B. Sensitive information like user logins and credit card details
Explanation: SQL injections can expose sensitive information stored in the database.
What are stacked queries in the context of SQL injection?
- A. Queries that are encrypted
- B. Multiple SQL statements executed in one go
- C. Queries that enhance database performance
- D. Queries that prevent SQL injection
Correct Answer: B. Multiple SQL statements executed in one go
Explanation: Stacked queries allow multiple SQL commands to be executed in a single query, which can be exploited in SQL injection attacks.
Why is user input validation important in preventing SQL injection?
- A. It improves database performance
- B. It ensures only intended data is processed
- C. It simplifies database queries
- D. It enhances the user interface
Correct Answer: B. It ensures only intended data is processed
Explanation: Validating user input ensures that only appropriate and safe data is processed by the database, preventing malicious inputs