CW+ Premium Content/Computer Weekly

Thank you for joining!

Access your Pro+ Content below.

12 November 2013

SQLi has long been unsolved, but has that finally changed?

This article is part of the Computer Weekly issue of 12 November 2013

The Open Web Application Security Project (Owasp) continues to rank SQL injection attacks at the top of its 10 most critical web application risks. But what is an SQL injection (SQLi) attack, why are they important, and why have they remained unsolved more than 15 years since they first appeared – and has that changed? Most simply stated, an SQL injection is the malicious modification of Structured Query Language (SQL) statements, by adding (injecting) SQL syntax, to compromise a database. SQL is the language and protocol used by application servers to communicate with database servers to perform tasks such as user authentication. Attacks are commonly conducted through web forms, URLs and cookies. SQLi attacks a big threat to database records A simple example of SQLi attack is putting an SQL command into the password field of a web form to display all records. Because computers tend to do what they are told, a database would execute the command if it were received. Why are SQLi attacks important to stop? An SQL injection is the ...

Access this CW+ Content for Free!

You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login above.
Please provide a Corporate Email Address.
You forgot to provide your first name.
You forgot to provide your last name.
You forgot to provide a job title.
You forgot to provide a company name.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Features in this issue

SQLi has long been unsolved, but has that finally changed?
by Warwick Ashford
SQL injection (SQLi) attacks have remained unsolved for more than 15 years, but that could be about to change

Columns in this issue

View Computer Weekly Archives