Showing posts with label SQL Injection. Show all posts

What is SQL Injection?

on 09 September 2012

SQL injection is a common technique in which an attacker injects SQL code into a website in order to attack the database behind it. Attackers frequently use it either to get into an application or to execute queries against a database and collect information from it.

SQL injection works on SQL Server 2000 from Microsoft, MySQL and PostgreSQL. All of these servers speak the same SQL language, so it is possible to inject SQL through another web language.

How do I Protect Against SQL Injection? 
The easiest way is to perform input validation on anything that an attacker, or anyone else using your website, sends to you. Many web application languages contain methods for performing this input validation, so you don’t have to re-write the structures. For more information on developing secure web applications, check out our recent infographic “Building Secure Web Application”.
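
An added example (not from the original post) of the input validation described above, shown beside the string-concatenation form it protects; it goes one step beyond the post by also binding the value as a query parameter. The table, the function names and the sample input are constructed for illustration, and Python's `sqlite3` stands in for the database server.

```python
import re
import sqlite3

# Allow-list validation: a username is 1-32 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """Constructed sample data standing in for a site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_unsafe(db, name):
    # 'Before': the input is pasted into the SQL text, so a quote character
    # in `name` changes the structure of the statement the server parses.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # 1. Validate: reject anything outside the expected shape.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    # 2. Bind: the value is passed as data, never as part of the SQL text.
    query = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def demo():
    db = make_db()
    results = {"safe_valid": lookup_safe(db, "alice")}
    odd_input = "o'brien"  # constructed input containing a quote character
    try:
        lookup_unsafe(db, odd_input)
        results["unsafe_odd"] = "ran"
    except sqlite3.OperationalError:
        results["unsafe_odd"] = "statement structure broken"
    try:
        lookup_safe(db, odd_input)
        results["safe_odd"] = "rejected" if False else "ran"
    except ValueError:
        results["safe_odd"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```
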

What Is Blind SQL Injection?

on 28 August 2012

Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. 

This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information have been established.
© Alienelliz | All Rights Reserved