SQL Injection
Friday, July 30, 2010
Wednesday, July 28, 2010
SQL Injection
SQL injection is one of the most devastating vulnerabilities; it can lead to exposure of all of the sensitive information stored in a web application's database. This includes information such as usernames, passwords, names, addresses, phone numbers, and credit card details.
It arises when the programmer gives a hacker the ability to execute SQL queries, so that the attacker can concatenate their own custom-built SQL onto the query the programmer has already written. The attacker can use the functionality of SQL itself to carry out a SQL injection attack.
This attack is a disadvantage of 'dynamic string building'. The input entered by the user is not validated when dynamic string building is used. Sometimes the input is treated as part of the SQL query instead of as data.
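The following is an added example, not code from the original post. It uses Python's built-in sqlite3 module to put a dynamically built query beside a parameterized one, so the difference between input treated as SQL and input treated as data is visible. The table, rows, function names and inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, phone TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "555-0100"), ("bob", "555-0101"),
                    ("o'brien", "555-0102")])
    return db

def lookup_dynamic(db, username):
    """Dynamic string building: the input becomes part of the SQL text."""
    query = ("SELECT username, phone FROM users WHERE username = '"
             + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    """Fixed SQL text; the input is bound as a value and never parsed as SQL."""
    query = "SELECT username, phone FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    results = {
        "dynamic_crafted": lookup_dynamic(db, crafted),
        "param_crafted": lookup_parameterized(db, crafted),
        "param_apostrophe": lookup_parameterized(db, "o'brien"),
    }
    try:
        # A legitimate name with an apostrophe also breaks the dynamic query.
        results["dynamic_apostrophe"] = lookup_dynamic(db, "o'brien")
    except sqlite3.OperationalError as exc:
        results["dynamic_apostrophe"] = "error: " + str(exc)
    return results

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, "->", rows)
```

With the dynamic query the quote in the input closes the string literal, so the rest of the input changes the WHERE clause and every row comes back; the parameterized query compares the whole input against the column and returns nothing.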