From the course: Security Testing: Vulnerability Management with Nessus
Preventing SQL injection - Nessus Tutorial
Preventing SQL injection
- [Instructor] SQL injection attacks prey upon the fact that many modern dynamic web applications rely upon underlying databases to generate dynamic content. For example, a web application that relies upon a simple database-driven authentication mechanism might store unencrypted user passwords in a database, and then, when a user attempts to log in, the application retrieves the correct password from the database and compares it to the user's input. If the passwords match, the user is successfully logged into the system. This is not a good way to implement password authentication, but it's the reality of how many websites work. In this type of scenario, the web server requests the password from the database using a query written in the Structured Query Language, or SQL. SQL is simply the language used by relational databases that allows users and applications to create, update, delete and retrieve data. You won't need to know how to write SQL queries for the Security+ exam, but it is…