From the course: Programming Foundations: Web Security


SQL injection


SQL Injection is an attack that occurs when untrusted data is used to construct an SQL query. The data is inserted, or injected, into the SQL query string. It allows an attacker to execute arbitrary requests against an SQL database. SQL Injection, sometimes called SQLI for short, is not the only form of code injection, but it is the most common. Most modern web applications rely heavily on databases, and by some estimates 75% of databases use SQL. The same general principles that we discuss for SQLI can be applied any time untrusted data is used to construct a query or a value that is used as code. OWASP, the Open Web Application Security Project, has ranked code injection as one of the top security threats to web applications for the last 10 years. The subject is definitely worth our attention. SQLI is easy for attackers to detect and to exploit. Let's look at an example of SQL Injection. Imagine a login form. When the form is…
