After completing this video, the learner will understand SQL injection vulnerabilities in web applications and how to prevent them using input validation.
- [Voiceover] SQL injection attacks prey upon the fact that many modern dynamic web applications rely upon underlying databases to generate dynamic content. For example, a web application that relies upon a simple database-driven authentication mechanism might store unencrypted user passwords in a database, and then when a user attempts to log in, the application retrieves the correct password from the database and compares it to the user's input. If the passwords match, the user is successfully logged in to the system.
This is not a good way to implement password authentication, but it's the reality of how many websites work. In this type of scenario, the web server requests the password from the database using a query written in the Structured Query Language, or SQL. SQL is simply the language used by relational databases that allows users and applications to create, update, delete, and retrieve data. You won't need to know how to write SQL queries for the Security+ exam, but it is helpful to look at some examples to understand…
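The password lookup described in the transcript, as an added example that is not part of the video or its course material: the same query built by string concatenation, then with allow-list input validation and a bound parameter. It uses Python's sqlite3; the table, column names, username policy and sample rows are assumptions constructed for illustration.

```python
import hmac
import re
import sqlite3

# Allow-list for usernames (assumed policy): letters, digits, _ . - only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext storage mirrors the scenario in the transcript, which calls it
    # a poor design; production systems store salted password hashes instead.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def fetch_concatenated(db, username):
    """Weak form: the user's input becomes part of the SQL text itself."""
    sql = "SELECT password FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchone()

def fetch_validated(db, username):
    """Hardened form: validate the input, then bind it as a parameter."""
    if not USERNAME_RE.fullmatch(username):
        return None  # rejected before any SQL is issued
    # The ? placeholder sends the value as data; it is never parsed as SQL.
    return db.execute("SELECT password FROM users WHERE username = ?",
                      (username,)).fetchone()

def login(fetch, db, username, password):
    """Compare the stored password with the supplied one in constant time."""
    row = fetch(db, username)
    return row is not None and hmac.compare_digest(row[0], password)

if __name__ == "__main__":
    db = make_db()
    odd = "nobody' OR '1'='1"  # constructed input containing quote characters
    # No such user exists, yet the concatenated query still returns a row
    # because the quotes changed the structure of the WHERE clause.
    print("concatenated returned a row:", fetch_concatenated(db, odd) is not None)
    print("validated returned a row:   ", fetch_validated(db, odd) is not None)
    print("valid login still works:    ",
          login(fetch_validated, db, "alice", "correct-horse"))
```

The allow-list alone would also reject legitimate names containing an apostrophe, which is why the bound parameter is kept as the second layer rather than relying on validation by itself.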
- SQL injection prevention
- Cross-site scripting (XSS) prevention
- Fuzz testing
- Mobile device management (MDM)
- Mobile device tracking
- Operating system security
- Hardware security
- Virtualization security
- File permissions
- Data encryption
- Securing smart devices