What is the BEST definition of SQL injection?

A.
SQL injection is a database problem.

B.
SQL injection is a web Server problem.

C.
SQL injection is a Windows and Linux website problem that could be corrected by applying a website vendor's patch.

D.
SQL injection is an input validation problem.

Explanation:
In SQL injection, instead of valid input, the attacker puts actual database commands into the input fields,
which are then parsed and run by the application. Attackers can use SQL (Structured Query Language) statements
to bypass authentication and reveal all records in a database.
Incorrect Answers:
A: It is true that underlying the SQL injection attack there is a database, but the SQL injection is only possible if
the input is not properly validated.
B: SQL injection exploits lack of proper input validation. It does not exploit a web server directly.
C: SQL injection exploits lack of proper input validation. It does not exploit a web server directly.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 1163


