Scribd
Upload
52 views

The SQL Injection Technique: Fawaz Ahmad

The document discusses SQL injection, a cybersecurity threat where malicious code is injected into a web page's SQL statement. Attackers use SQL injection to access and manipulate vulnerable databases, allowing them to steal user data, delete tables, alter balances, and gain administrative access. SQL injection works by exploiting vulnerabilities in an application's coding to submit a crafted SQL query that reveals database structure and secured information. It poses a threat both to organizations and their users by enabling theft of personal details like logins and PII.

Uploaded by

fawaz.gumbat
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
52 views

The SQL Injection Technique: Fawaz Ahmad

The document discusses SQL injection, a cybersecurity threat where malicious code is injected into a web page's SQL statement. Attackers use SQL injection to access and manipulate vulnerable databases, allowing them to steal user data, delete tables, alter balances, and gain administrative access. SQL injection works by exploiting vulnerabilities in an application's coding to submit a crafted SQL query that reveals database structure and secured information. It poses a threat both to organizations and their users by enabling theft of personal details like logins and PII.

Uploaded by

fawaz.gumbat
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

The SQL Injection technique

Fawaz Ahmad

In today's world, cyber threats and attacks are used to corrupt or steal a person's personal
information from a large amount of data from many lines of industry. It is now required to defend
databases against security-related threats all across the world. SQL injection is a well-known and
very vulnerable threat that can compromise any organization's database, whether it's a private
company or the government, by injecting code into a web page. Applications are targeted with
this code injection technique. A SQL statement will be injected in such a way that ALWAYS TRUE
is used as a constraint. It is an overview to provide an overview of a prevalent cyber security
threat known as " SQL Injection."
Websites have become the most important aspect of our life in modern century. We enter a
variety of personal data into these websites, which is recorded in a database. We can use the
network to access it from anywhere. As a result, attackers were able to steal data from vulnerable
web pages. The acronym SQL stands for structured query language, and it's pronounced se-qual.
This language was created primarily to deal with relational databases. Query is used to input data,
edit the database, and access the required data on its own for data manipulation. Here comes
the injection, which is carried out using a SQL query as part of the data manipulation process.
SQL injection is performed by using a structured query that instigates the desired response. The
response is essential for the attacker to understand the database architecture and to access the
secured information of the application.

A bad actor hacker performs an SQL injection to delete data or tables from the database
Attackers use SQL injection to alter or update data in the database and add additional data. For
instance, in the case of a financial application, an attacker can use SQL injection to change
account balances. Even worse, attackers can gain administrative rights to an application
database. The most common risk of an SQL injection attack is the theft of user data. Email
addresses, login credentials, and personally identifiable information (PII) can be stolen and sold
on the dark web. Therefore, a successful SQL injection poses a threat not only to the organization
but also its users.

References:
1. https://www.researchgate.net/publication/316886377_A_study_on_SQL_injection_techniques

You might also like