SQL Injection
SQL injection is a technique often used to attack a website. It is the most common website vulnerability on the internet.
A SQL injection attack is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. SQL injection is a code injection technique that exploits a security vulnerability in a website's software.
SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Responsibilities related to SQL injection attacks include:
- Web applications connecting to a database server in order to access data
- Extracting basic SQL injection flaws and vulnerabilities
- Testing web applications for blind SQL injection vulnerabilities
- Securing information in web applications and web servers
SQL Injection
- SQL injection is the most common website vulnerability on the internet
- It is a flaw in web applications and not a database or web server issue
- Most programmers are still not aware of this threat
SQL Injection Threats
- Tamper with database records
- Escalation of privileges
- Denial of service on the server
- Spoofing identity
- Modifying records
- Destruction of data
- Check if the web application connects to a database server in order to access some data
- List all input fields, hidden fields, and POST requests whose values could be used in crafting a SQL query
- Attempt to inject code into the input fields to generate an error
- Try to insert a string value where a number is expected in the input field
- The UNION operator is used to combine the result set of two or more select statements
- Detailed error messages provide a wealth of information to an attacker in order to execute SQL injection
- Detecting SQL Injection Issues
- Detecting input sanitization
- Detecting SQL Modification
- Detecting Truncation Issues
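
The weak pattern these checks look for, beside a corrected form, as an added example that is not from the original post. The table names, function names and sample inputs are constructed for illustration, and Python's `sqlite3` stands in for the site's database.

```python
import sqlite3

# Constructed form values: a normal id, a string where a number is expected,
# and two values that carry SQL fragments (including the UNION operator).
CONSTRUCTED_INPUTS = ["1", "abc", "1 OR 1=1", "1 UNION SELECT secret FROM users"]

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, secret TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "lamp"), (2, "desk")])
    db.execute("INSERT INTO users VALUES (1, 'constructed-secret')")
    return db

def lookup_vulnerable(db, product_id):
    """Weak form: the field value becomes part of the SQL text."""
    query = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in db.execute(query)]

def lookup_hardened(db, product_id):
    """Corrected form: enforce the expected type, bind the value as data,
    and return nothing database-specific to the client on failure."""
    try:
        value = int(product_id)
    except ValueError:
        return None  # rejected; the page would show a generic message
    try:
        rows = db.execute("SELECT name FROM products WHERE id = ?", (value,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        return None  # log server-side, never echo the database error

def demo():
    """Run every constructed input through both forms."""
    db = make_db()
    results = {}
    for value in CONSTRUCTED_INPUTS:
        try:
            weak = lookup_vulnerable(db, value)
        except sqlite3.Error as exc:
            weak = "DB error leaked: %s" % exc  # what a verbose error page reveals
        results[value] = (weak, lookup_hardened(db, value))
    return results

if __name__ == "__main__":
    for value, (weak, hardened) in demo().items():
        print(repr(value), "| vulnerable:", weak, "| hardened:", hardened)
```

In the weak form the non-numeric value surfaces a database error and the other two values change which rows come back; in the corrected form all three are rejected before any query runs.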
Types of SQL Injection
SQL Injection
- Simple SQL Injection
- Blind SQL Injection
- UNION SQL Injection
- Error Based SQL Injection