Paresh Sharma
What is a SQL Injection?
By Paresh Sharma in ASP.NET on Nov 28 2006
  • canuja
    Nov, 2006 28

    SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application

    • 0
  • Neha Mehta
    Nov, 2006 28

    SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

    vulnerability refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the data and applications it hosts. Vulnerabilities may result from bugs or design flaws in the system.

    • 0


Most Popular Job Functions


MOST LIKED QUESTIONS