SQL injection


Structured Query Language (SQL) is the most commonly used language for RDBMSs. It is basically a textual language that enables interaction with a database server.

SQL injection is a technique that takes advantage of nonvalidated input vulnerabilities and allows attackers to send malicious input or inject SQL commands through a Web app.

SQL injection attacks the database; Cross-Site Scripting attacks the user.


Types: Error, where database error messages can often give us valuable information; Union, which is used to combine the results of two or more SELECT SQL statements; Blind, based on True/False.

It is wrong to think that stored procedures prevent SQL injection!

The first step is to uncover Web apps that are vulnerable to attack. Attacks usually take advantage of poorly written code and poor Web site administration. To prevent these attacks, consider: removing culprit characters/sequences; minimizing privileges; implementing consistent coding standards; firewalling the SQL Server.
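An added example (not from the original post) of the nonvalidated-input flaw described above, next to one coding standard that closes it: bound query parameters. The table, function names and inputs are constructed for illustration, and SQLite stands in for the database server.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        INSERT INTO users (name, role) VALUES
            ('alice', 'admin'), ('bob', 'user'), ('carol', 'user');
    """)
    return db

def find_user_concat(db, name):
    """Vulnerable pattern: nonvalidated input is pasted into the SQL text."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_bound(db, name):
    """Hardened pattern: the input is bound as a value, never parsed as SQL."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def concat_is_unsafe_for(db, value):
    """Regression check: True when the concatenated query misbehaves.

    Misbehaving means either returning different rows than the bound
    query (the input changed the WHERE logic) or raising a syntax error
    (the input was parsed as SQL and broke the statement).
    """
    try:
        return find_user_concat(db, value) != find_user_bound(db, value)
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a name with an apostrophe,
    # and a quote followed by an always-true condition.
    for value in ("bob", "o'brien", "x' OR '1'='1"):
        print(repr(value), "-> bound:", find_user_bound(db, value),
              "| concatenation unsafe:", concat_is_unsafe_for(db, value))
```

The same comparison can run in a unit-test suite over every query helper, so a helper that builds SQL by concatenation fails the build before it reaches production.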

If you would like any help, write to my email: atdhe.buja@hotmail.com

About Buja Atdhe

CEO of the platform