SQLi has long been unsolved, but has that finally changed?

This article is part of the Computer Weekly issue of 12 November 2013
The Open Web Application Security Project (Owasp) continues to rank SQL injection attacks at the top of its 10 most critical web application risks. But what is an SQL injection (SQLi) attack, why are they important, and why have they remained unsolved more than 15 years since they first appeared – and has that changed?

Most simply stated, an SQL injection is the malicious modification of Structured Query Language (SQL) statements, by adding (injecting) SQL syntax, to compromise a database. SQL is the language and protocol used by application servers to communicate with database servers to perform tasks such as user authentication. Attacks are commonly conducted through web forms, URLs and cookies.

SQLi attacks a big threat to database records

A simple example of an SQLi attack is putting an SQL command into the password field of a web form to display all records. Because computers tend to do what they are told, a database would execute the command if it were received.

Why are SQLi attacks important to stop?

An SQL injection is the ...