SQL injection is when attackers manipulate a string which is used to construct an SQL query so that it returns unintended results.
- SQL injection is an attack that occurs when untrusted data is used to construct an SQL query. The data is inserted, or injected, into the SQL query string. It allows an attacker to execute arbitrary requests to an SQL database. SQL injection, sometimes called SQLI for short, is not the only form of code injection, but it is the most common. Most modern web applications rely heavily on databases, and by some estimates, 75% of databases use SQL. The same general principles we discuss for SQLI can be applied any time untrusted data is used to construct a value that's used for code or in a query. OWASP, the Open Web Application Security Project, has consistently ranked code injection as the top security threat to web applications for the last 10 years. So this subject is definitely worth our attention. SQLI is easy for attackers to detect and to exploit. Let's look at an example of SQL injection. Imagine a login form. When the form is submitted, the application code constructs an SQL query …
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
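
The login-form scenario from the transcript excerpt above, as an added example that is not part of the course material: the same lookup built by string concatenation and with bound parameters, run against an in-memory SQLite database. The table layout, function names and all sample values are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample accounts; the hashes are placeholders, not real digests.
ACCOUNTS = [("alice", "constructed-hash-1"), ("o'brien", "constructed-hash-2")]

# Constructed form value: the quote ends the string literal early and the
# rest is parsed as SQL, appending a condition that is true for every row.
CRAFTED = "' OR '1'='1"

def make_db():
    """Create an in-memory users table holding the constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ACCOUNTS)
    return db

def login_concatenated(db, username, password_hash):
    """Vulnerable: untrusted form values become part of the SQL text itself."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password_hash):
    """Hardened: placeholders bind the values as data, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone() is not None

def compare(db):
    """Run both variants over the same inputs and collect the outcomes."""
    results = {}
    for fn in (login_concatenated, login_parameterized):
        row = {
            "valid": fn(db, "alice", "constructed-hash-1"),
            "wrong": fn(db, "alice", "wrong-hash"),
            "crafted": fn(db, "alice", CRAFTED),
        }
        try:
            # A legitimate name containing a quote also breaks concatenation.
            row["apostrophe"] = fn(db, "o'brien", "constructed-hash-2")
        except sqlite3.OperationalError as exc:
            row["apostrophe"] = "error: %s" % exc
        results[fn.__name__] = row
    return results

if __name__ == "__main__":
    for name, row in compare(make_db()).items():
        print(name, row)
```

The syntax error raised for the legitimate `o'brien` login is the same defect seen from the other side, which makes unexpected SQL parse errors in application logs a useful signal that a query is being built from raw input.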
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)