O'Reilly logo

Linux Server Security by Chris Binnie

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 10SQL Injection Attacks

One of the most popular types of online attacks is known as SQL injection, sometimes abbreviated as SQLi. These attacks involve the insertion of database code using Structured Query Language (SQL), where attackers can retrieve data from databases or overwrite existing data.

You might be surprised to learn that, according to OWASP (the Open Web Application Security Project), which is a charitable organization that promotes the securing of software, SQLi was the number one threat to online services in 2013, and listed as the most common threat at https://www.owasp.org/index.php/Top_10_2013-Top_10.

This chapter looks at what these attacks involve, how to protect your websites against them, and finally how to launch them yourself for the purposes of penetration testing.

Needless to say, this is a wide and complex area that requires a degree of background knowledge to carry out more sophisticated attacks. You might be surprised how easy it is, however, having run only a handful of commands and with only a little database knowledge, to bring a vulnerable online service to its knees. For that reason alone, it's imperative that IT professionals be aware of the risks that SQL injections pose and how to mitigate their effects.

History

Considering its simplicity, the fact that SQLi is so effective makes it a formidable type of attack.

Take note, junior developers, because when it comes to security matters, sysadmins tend not to be directly responsible for ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required