Chapter 1

What Is SQL Injection?

Dave Hartley

Solutions in this chapter:

• Understanding How Web Applications Work

• Understanding SQL Injection

• Understanding How It Happens

Introduction

People say they know what SQL injection is, but all they have heard about or experienced are trivial examples. SQL injection is one of the most devastating vulnerabilities that impact a business, as it can lead to exposure of all of the sensitive information stored in an application’s database, including handy information such as usernames, passwords, names, addresses, phone numbers, and credit card details.

So, what exactly is SQL injection? It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language ...

Get SQL Injection Attacks and Defense, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.