

SQL injection attacks exploit web applications to illegitimately access and manipulate database servers. Using a shopping website as an example, the document illustrates how dynamic web applications interact with databases to generate content in response to user requests. A SQL query is demonstrated, and the document shows how SQL injection attacks can provide unauthorized access to database content by taking advantage of dynamic web applications. The document also discusses the importance of input validation as a preventative measure against SQL injection attacks.
Typology: Assignments


the last name Smith, and then I'm going to add a command, "Delete from user data". And what that's going to do is remove all of the information from that table in the database. Now this time, when I go back and try to search for records relating to Mr Smith, you'll see there are no results remaining in the database.

How can you prevent SQL injection attacks against your applications? Input validation. You have to check user input to make sure that it matches the expected format. If you're expecting a last name, you should have letters only. No apostrophes or equals signs in there.

SQL injection is just one form of injection attack. Similar attacks can occur against LDAP, XML, and other technologies where remote users can manipulate command parameters.

In this demonstration, you saw how a SQL injection attack allows the user of a web application to access the underlying database. In our first attack, we simply added a "one equals one" to the end of a query to make the condition always true and display all of the contents of a database. We then got more malicious and deleted all of the records from that database. SQL injection attacks allow dangerous direct interaction between attackers and your databases. Input validation is essential to preventing SQL injection attacks.
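
The last-name search from the demonstration, written as an added example (not code from the original document) that puts the concatenated query next to a version applying the letters-only check described above. The table layout, sample rows, function names and the 40-character limit are assumptions, and the bound query parameter is a second safeguard added here that the transcript does not mention.

```python
import re
import sqlite3

# Allowlist for the transcript's "letters only" rule (the 40-character cap is assumed).
LAST_NAME_RE = re.compile(r"[A-Za-z]{1,40}")


def make_db():
    """Build a constructed in-memory table standing in for the demo's user data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (last_name TEXT, first_name TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)",
                   [("Smith", "John"), ("Jones", "Mary"), ("Brown", "Alan")])
    return db


def search_vulnerable(db, last_name):
    """The flawed pattern: user input is concatenated into the SQL text."""
    sql = ("SELECT last_name, first_name FROM user_data "
           "WHERE last_name = '" + last_name + "'")
    return db.execute(sql).fetchall()


def search_hardened(db, last_name):
    """Check the expected format first, then pass the value as a bound parameter."""
    if not LAST_NAME_RE.fullmatch(last_name):
        raise ValueError("last name must contain letters only")
    return db.execute(
        "SELECT last_name, first_name FROM user_data WHERE last_name = ?",
        (last_name,)).fetchall()


# Constructed input of the "one equals one" kind described in the transcript.
ALWAYS_TRUE = "Smith' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "Smith"))      # the single matching record
    print(search_vulnerable(db, ALWAYS_TRUE))  # condition always true: every record
    print(search_hardened(db, "Smith"))        # the single matching record
    try:
        search_hardened(db, ALWAYS_TRUE)
    except ValueError as exc:
        print("rejected:", exc)
```

A strict letters-only rule also rejects legitimate names such as O'Brien; with the bound parameter in place, the pattern can be relaxed without letting input change the structure of the query.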