CW+ Premium Content/Computer Weekly

12 November 2013

SQLi has long been unsolved, but has that finally changed?

The Open Web Application Security Project (Owasp) continues to rank injection, and SQL injection in particular, at the top of its list of the 10 most critical web application risks. But what is an SQL injection (SQLi) attack, why does it matter, and why has it remained unsolved more than 15 years after it first appeared, and has that changed?

Most simply stated, an SQL injection is the malicious modification of Structured Query Language (SQL) statements by adding (injecting) SQL syntax into the input an application copies into a query, so that the database executes a statement the developer never intended. SQL is the language application servers use to send queries and commands to database servers for tasks such as user authentication. Attacks are commonly conducted through web form fields, URL parameters and cookies, since any of these may end up inside a query.

SQLi attacks a big threat to database records

A simple example of an SQLi attack is typing a fragment of SQL into the password field of a login form so that the resulting statement matches every row rather than one, returning all records instead of the single user's. Because the database cannot tell the injected syntax apart from the query the developer wrote, it executes whatever statement it receives.

Why are SQLi attacks important to stop?

An SQL injection is the ...
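The password-field example described above, as an added illustration that is not from the article: a login check built by string concatenation beside the same check using bound parameters, run against an in-memory SQLite database. The table, the user records and the function names are constructed for this example, not taken from any real application.

```python
import sqlite3

# Constructed sample accounts for the demonstration (not real data).
USERS = [
    ("alice", "correct horse battery staple"),
    ("bob", "hunter2"),
    ("carol", "s3cr3t"),
]


def make_db():
    """Create an in-memory database with a minimal users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Build the statement by concatenating user input into the SQL text.

    Quotes and keywords in the input become part of the statement, so the
    database executes whatever the attacker wrote.  Returns the sorted list
    of usernames the query matched.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterised(conn, username, password):
    """Same query with bound parameters.

    The statement text is fixed; the values travel separately, so a quote
    or an OR clause in the password is compared as data, never parsed as SQL.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Classic payloads typed into the form fields.
PASSWORD_PAYLOAD = "' OR '1'='1"      # turns the WHERE clause into "always true"
USERNAME_PAYLOAD = "alice' --"        # comments out the password check entirely


def demo():
    """Run both implementations against a normal login and two injections."""
    conn = make_db()
    return {
        "honest_vuln": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "honest_safe": login_parameterised(conn, "alice", "correct horse battery staple"),
        "or_vuln": login_vulnerable(conn, "anybody", PASSWORD_PAYLOAD),
        "or_safe": login_parameterised(conn, "anybody", PASSWORD_PAYLOAD),
        "comment_vuln": login_vulnerable(conn, USERNAME_PAYLOAD, "wrong"),
        "comment_safe": login_parameterised(conn, USERNAME_PAYLOAD, "wrong"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} -> {result}")
```

With the concatenated query, the `' OR '1'='1` password returns every account and the `alice' --` username logs in as alice without any password; the parameterised version returns no rows for either payload because the driver never lets the input reach the SQL parser. Parameterised (prepared) statements are the standard fix; escaping input by hand is error-prone and is what kept SQLi unsolved for so long.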
