What is SQL injection? - VietMX's Blog

Email: maixuanviet.com@gmail.com
Skype: maixuanviet.com@outlook.com
Linkein: <a href="https://www.linkedin.com/in/maixuanviet" rel="noopener noreferrer" target="_blank"> linkedin.com/in/maixuanviet
HackerRank: <a href="https://www.hackerrank.com/vietmx" rel="noopener noreferrer" target="_blank"> hackerrank.com/vietmx
Github: github.com/vietmx
Tiktok: <a href="https://www.tiktok.com/@maixuanviet.com" rel="noopener noreferrer" target="_blank"> tiktok.com/@maixuanviet.com

Technology Community › Category: Web Security › What is SQL injection?

VietMX Staff asked 3 years ago

Injection attacks stem from a lack of strict separation between program instructions (i.e., code) and user-provided (or external) input. This allows an attacker to inject malicious code into a data snippet.

SQL injection is one of the most common types of injection attack. To carry it out, an attacker provides malicious SQL statements through the application.

How to prevent:

Prepared statements with parameterized queries
Stored procedures
Input validation – blacklist validation and whitelist validation
Principle of least privilege – Application accounts shouldn’t assign DBA or admin type access onto the database server. This ensures that if an application is compromised, an attacker won’t have the rights to the database through the compromised application.

Question Tags: Junior Level, Web Security