Professional Documents
Culture Documents
SQL: SQL is a standard language for storing, manipulating and retrieving data in databases.
SQL Injection:
SQL injection is a code injection technique that might destroy your database.
SQL injection is the placement of malicious code in SQL statements, via web page input.
Attack Intent:
1. Determining database schema
2. Extracting Data
3. Adding or Modifying Data
4. Bypassing authentication
Inference: Inject command into the site and then observe how the function/response of the website
1. Blind Injection
2. Timing Attacks
Prevention: The root cause of SQL injection vulnerabilities is insufficient input validation.
Submitted To Submitted By
Ashok Kumar Yadav Mohammad Javed
Roll No:175566