Go find a real-world example of an SQL attack happening and give a short (300-350 word) write-up of it.
SQL injection is a code injection technique that might destroy your database. It is one of the most common web hacking techniques, and it works by placing malicious code in SQL statements via web page input.
It usually occurs when you ask a user for input, like their username, and the user gives you an SQL statement that you will unknowingly run on your database.
This can lead to:
SQL injections are classified as:
1. In-band SQLi
2. Inferential SQLi
3. Out-of-band SQLi.
In in-band SQLi, the attacker uses the same channel of communication to launch their attacks and to gather their results.
In inferential SQLi, the attacker sends data payloads to the server and observes the response to learn more about its structure.
Out-of-band SQLi is performed when the attacker can't use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed.
There are several effective ways to prevent SQLi attacks:
1. We must practice writing code that can identify illegitimate user inputs.
2. SQL injection can be prevented by using parameterized queries.
3. It can also be prevented by using a stored procedure.
4. Always use the character-escaping functions that each database management system (DBMS) provides for user-supplied input. This makes sure the DBMS never confuses that input with the SQL statement provided by the developer.
Real-world example:
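Separately from the real-world case, prevention points 1 and 2 above can be shown side by side with a string-built query. This is an added example, not part of the original answer; the `users` table, its rows and all function names are constructed for illustration, using Python's built-in `sqlite3`.

```python
import re
import sqlite3

# Constructed sample inputs: a SQL fragment posing as a username, and a
# legitimate name that contains a quote character.
TAUTOLOGY = "' OR '1'='1"
QUOTED_NAME = "o'brien"

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test"),
                    (QUOTED_NAME, "ob@example.test")])
    return db

def lookup_vulnerable(db, username):
    # VULNERABLE: the input is pasted into the SQL text, so the DBMS parses
    # it as part of the statement instead of treating it as data.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(r[0] for r in db.execute(sql))

def lookup_parameterized(db, username):
    # Point 2: the ? placeholder binds the input as a value; it is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(r[0] for r in db.execute(sql, (username,)))

def lookup_validated(db, username):
    # Point 1: reject input that does not look like a username at all
    # (assumed policy: letters, digits, underscore, apostrophe; max 32).
    if not re.fullmatch(r"[A-Za-z0-9_']{1,32}", username):
        raise ValueError("illegitimate username")
    return lookup_parameterized(db, username)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, TAUTOLOGY))     # every row
    print("parameterized:", lookup_parameterized(db, TAUTOLOGY))  # no rows
    print("quoted name  :", lookup_parameterized(db, QUOTED_NAME))
    try:
        lookup_vulnerable(db, QUOTED_NAME)
    except sqlite3.OperationalError as exc:
        print("concatenation also breaks legitimate input:", exc)
```

The validation step still passes the apostrophe, which is why it sits in front of the parameterized query rather than replacing it.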