

So at the very bottom, there's a statement here that actually does not specify any passwords. However, let's see what happens if an attacker injects something malicious. So when a user is found in the database that matches that username and password, we'll let the user in, and when the input is benign, then everything works fine. You probably have something like that in the application you are developing, and very often what we see in the code is that there is, in this particular case, a Java statement to piece together a SQL command and just directly embed the username and password in that SQL statement. Possible in basically any SQL database, and the main mitigation is also input sanitization. So, SQL injection: this is abuse of vulnerable application functionality that causes execution of SQL queries, so queries executed by database systems. In this video, you will learn to describe SQL injection and what makes an attack possible, and describe common types of SQL injection including error-based, union-based, blind injection, and out-of-band.
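The login check described above, as an added example that is not part of the lecture's own code: a constructed in-memory SQLite user table, the lookup pieced together from raw input the way the Java concatenation is, and the same lookup with bound parameters. The table, user record and inputs are all constructed here, and the fix shown is parameterized queries rather than the input sanitization the lecture names.

```python
import sqlite3


def make_db():
    # Constructed sample database: one user, standing in for the application's table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def build_vulnerable_sql(username, password):
    # Pieces the statement together from the raw fields, like the
    # string concatenation the lecture describes. Returned separately so
    # the resulting statement can be inspected or logged.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # Whatever quoting the input carries becomes part of the SQL grammar.
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row is not None


def login_parameterized(conn, username, password):
    # Placeholders keep the fields as data: the database binds them after
    # parsing the statement, so they can never alter the WHERE clause.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Constructed password field that closes the quote and appends an
    # always-true condition; a common textbook injection input.
    tautology = "' OR '1'='1"
    print("benign, vulnerable   :", login_vulnerable(db, "alice", "s3cret"))
    print("benign, parameterized:", login_parameterized(db, "alice", "s3cret"))
    print("statement seen by DB :", build_vulnerable_sql("anyone", tautology))
    print("injected, vulnerable   :", login_vulnerable(db, "anyone", tautology))
    print("injected, parameterized:", login_parameterized(db, "anyone", tautology))
```

Because SQL's AND binds tighter than OR, the concatenated statement reads `(username = 'anyone' AND password = '') OR '1'='1'`, which is why the vulnerable check returns a row while the parameterized one does not.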
