Seven Deadliest Web Application Attacks

Chapter 3. Structured Query Language Injection

Information in this Chapter

Understanding SQL Injection

Employing Countermeasures

Structured Query Language (SQL) injection attacks have evolved immensely over the last 10 years even though the underlying vulnerability that leads to SQL injection remains the same. In 1999, an SQL-based attack enabled arbitrary commands to be executed on systems running Microsoft's Internet Information Server (IIS) version 3 or 4. (To put 1999 in perspective, this was when The Matrix and The Blair Witch Project were first released.) The attack was discovered and automated via a Perl script by a hacker named Rain Forest Puppy (http://downloads.securityfocus.com/vulnerabilities/exploits/msadc.pl). Over a decade ...

Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Seven Deadliest Web Application Attacks by Mike Shema

Chapter 3. Structured Query Language Injection

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly