SQL INJECTION FUNDAMENTALS 2-Databases Flashcards
1-Intro to Databases
- What is the primary function of a database in a web application?
* A. Store static HTML pages
* B. Store and retrieve data related to the web application
* C. Host the web application
* D. Manage user sessions
Correct Answer: B. Store and retrieve data related to the web application
Explanation: Databases in web applications are used to store and retrieve various types of data, including web content and user information.
- What is SQL injection (SQLi)?
* A. A method to enhance database performance
* B. An attack that allows users to execute unintended SQL queries
* C. A technique for data backup
* D. A process to encrypt database queries
Correct Answer: B. An attack that allows users to execute unintended SQL queries
Explanation: SQL injection is a security vulnerability that allows attackers to interfere with the queries an application makes to its database.
- Which of the following is NOT a type of injection vulnerability?
* A. HTTP injection
* B. Code injection
* C. Command injection
* D. Data injection
Correct Answer: D. Data injection
Explanation: Data injection is not commonly listed as a type of injection vulnerability, unlike HTTP, code, and command injection.
- What is a common method attackers use to exploit SQL injection vulnerabilities?
* A. Encrypting SQL queries
* B. Injecting a single quote (')
* C. Using secure coding practices
* D. Validating user input
Correct Answer: B. Injecting a single quote (')
Explanation: Attackers often use single quotes to manipulate the SQL query structure.
- What can be a significant impact of a successful SQL injection attack?
* A. Improved website performance
* B. Enhanced user experience
* C. Data breaches and unauthorized access
* D. Better database organization
Correct Answer: C. Data breaches and unauthorized access
Explanation: SQL injections can lead to unauthorized access to sensitive data and potential data breaches.
- How can SQL injection attacks be prevented?
* A. By using weak passwords
* B. By allowing direct database access
* C. Through user input sanitization and validation
* D. By disabling database backups
Correct Answer: C. Through user input sanitization and validation
Explanation: Properly sanitizing and validating user inputs can prevent SQL injection vulnerabilities.
- What is the purpose of the UNION clause in SQL injection?
* A. To enhance database security
* B. To combine the results of multiple queries
* C. To encrypt database tables
* D. To delete database records
Correct Answer: B. To combine the results of multiple queries
Explanation: The UNION clause allows an attacker to combine results from multiple queries in SQL injection.
- What type of information can be retrieved through SQL injection?
* A. Publicly available information
* B. Sensitive information like user logins and credit card details
* C. HTML content
* D. CSS styles
Correct Answer: B. Sensitive information like user logins and credit card details
Explanation: SQL injections can expose sensitive information stored in the database.
- What are stacked queries in the context of SQL injection?
* A. Queries that are encrypted
* B. Multiple SQL statements executed in one go
* C. Queries that enhance database performance
* D. Queries that prevent SQL injection
Correct Answer: B. Multiple SQL statements executed in one go
Explanation: Stacked queries allow multiple SQL commands to be executed in a single query, which can be exploited in SQL injection attacks.
- Why is user input validation important in preventing SQL injection?
* A. It improves database performance
* B. It ensures only intended data is processed
* C. It simplifies database queries
* D. It enhances the user interface
Correct Answer: B. It ensures only intended data is processed
Explanation: Validating user input ensures that only appropriate and safe data is processed by the database, preventing malicious inputs.