SQL injection

Structured Query Language (SQL) is the most commonly used language for relational database management systems (RDBMS). It is basically a textual language that enables interaction with a database server.

SQL injection is a technique that takes advantage of unvalidated-input vulnerabilities and allows attackers to send malicious input, or inject SQL commands, through a web application.

SQL injection => attack the database; Cross-Site Scripting => attack the user.


Types:
- Error-based: from the error messages we can often get valuable information by asking the database.
- Union-based: uses UNION to combine the results of two or more SELECT statements.
- Blind: only a true/false difference in the application's behaviour is observable.
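As an added illustration of the three types from the defender's side (this is example code written for this note, not part of the original post), the following scanner reads constructed web-server log lines and tags request parameters that look like error-based (a stray quote together with a 5xx response), union-based (UNION ... SELECT) or blind (an appended AND/OR true/false condition) probing. The log layout and all addresses are made up; the patterns are intentionally simple and a real deployment would tune them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic). Only the request
# target and the status code matter; the rest mimics a common log layout.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=42 HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=42' HTTP/1.1" 500 128
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=42+UNION+SELECT+1,2,3 HTTP/1.1" 200 900
10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=42+AND+1=1 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=O'Brien HTTP/1.1" 200 300
"""

# Request line: method, target, protocol, then the three-digit status code.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

UNION_RE = re.compile(r"\bunion\b.*\bselect\b")
BLIND_RE = re.compile(r"\b(?:and|or)\b\s*\S+\s*=\s*\S+")


def classify(value, status):
    """Map one decoded parameter value to the injection type it resembles.

    Returns "union", "blind", "error" or None. The error-based rule requires a
    5xx response as well as a quote, so an honest value such as O'Brien on a
    200 response is not flagged.
    """
    lowered = value.lower()
    if UNION_RE.search(lowered):
        return "union"
    if BLIND_RE.search(lowered):
        return "blind"
    if "'" in lowered and status >= 500:
        return "error"
    return None


def scan_log(text):
    """Return (parameter name, type) for every flagged parameter in the log."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, status = match.group(1), int(match.group(2))
        # parse_qsl decodes '+' and %xx escapes, so patterns see plain text.
        for name, value in parse_qsl(urlsplit(target).query):
            kind = classify(value, status)
            if kind:
                hits.append((name, kind))
    return hits


if __name__ == "__main__":
    for name, kind in scan_log(SAMPLE_LOG):
        print(f"parameter {name!r} looks like {kind}-based injection")
```

Run over the sample above it reports the quote-plus-500 request as error-based, the UNION request as union-based and the appended AND 1=1 as blind, and leaves the two honest requests alone.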

The claim that stored procedures prevent SQL injection is wrong!

The first step is to expose web applications that are vulnerable to attack. Attacks usually take advantage of poorly written code and poor web site administration. To prevent these attacks you should consider:
- removing culprit characters/sequences;
- minimizing privileges;
- implementing consistent coding standards;
- firewalling the SQL Server.
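To make the prevention points concrete, here is an added example (written for this note, not code from the original post) that puts a vulnerable login query next to the fixed one and applies two of the measures listed above. It uses Python's built-in sqlite3 module and a constructed in-memory user table; the placeholder-based query stands in for the "consistent coding standard", the culprit-sequence check is the defence-in-depth filter, and SQLite's authorizer callback plays the role of least privilege for the connection. A stored procedure that concatenated its arguments into dynamic SQL internally would behave exactly like login_concat below, which is why stored procedures alone are no fix.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the web app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_concat(conn, username, password):
    """VULNERABLE: request input is pasted into the SQL text, so a quote in
    the input changes the structure of the statement the server parses."""
    sql = (f"SELECT name FROM users WHERE name = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, username, password):
    """FIXED: placeholders keep the statement fixed; the values travel
    separately and can only ever be compared, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# The characters and sequences the post calls "culprits".
CULPRIT_SEQUENCES = ("'", '"', ";", "--", "/*", "*/")


def has_culprit_sequence(value):
    """Defence in depth only: placeholders are the real fix. Note that this
    check also rejects honest input such as O'Brien."""
    return any(seq in value for seq in CULPRIT_SEQUENCES)


def restrict_to_reads(conn):
    """Least privilege for this connection: the login code only needs to
    read, so SQLite's authorizer refuses any statement that writes or changes
    schema, even if one somehow reaches the server."""
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
               sqlite3.SQLITE_FUNCTION}

    def authorizer(action, arg1, arg2, db_name, trigger):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def demo():
    """Run both login variants against honest and textbook malformed input."""
    conn = make_db()
    restrict_to_reads(conn)
    # Textbook tautology: closes the quoted value, appends an always-true clause.
    tautology = "' OR '1'='1"
    results = {
        "concat_honest": login_concat(conn, "alice", "s3cret"),
        "concat_tautology": login_concat(conn, "alice", tautology),
        "param_honest": login_param(conn, "alice", "s3cret"),
        "param_tautology": login_param(conn, "alice", tautology),
        "culprit_flagged": has_culprit_sequence(tautology),
    }
    try:
        conn.execute("DELETE FROM users")
        results["write_blocked"] = False
    except sqlite3.DatabaseError:
        results["write_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the concatenated query the tautology makes the WHERE clause true for every row and returns both users; with placeholders the same input is simply a password that matches nobody. The authorizer shows the privilege side: the read-only connection raises sqlite3.DatabaseError on the DELETE, which is the kind of damage limitation a minimal database account gives you on a real RDBMS.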

If you would like any help, write to my email atdhe.buja@hotmail.com
