SQL injection

I chose SQL injection for my current weekly blog post because it has gained a lot of media attention. It can be realy nasty especially when it comes to identity theft.

Basically a SQL injection is a server-side attack technique used to exploit Web sites by inserting a series of unauthorized SQL statements into a Web application that requests user input and then builds dynamic SQL queries. Or in other words when an attacker successfully alters the construct of the SQL statements, they are then able to run processes with the same permissions as the database server, web server or web application server.

There are a lot of defferent varieties of SQL injection vulnerabilities depending on the database being accessed and the configuration of that database. It is possible through a SQL injection attack that the hacker could access all records in the database, delete the tables, create new tables or other actions that would provide easy access to information.

As I already said it can get really nasty.

More info -> click me
                       click me

Advertisements
This entry was posted in IT Security, Week 19. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s