
CS 3340 Disc 2

SQL Injection is a vulnerability that allows attackers to manipulate database queries by injecting harmful SQL scripts, leading to data theft, modification, or system crashes. This vulnerability often arises from improper handling of user inputs and the absence of secure coding practices. Effective countermeasures include input validation, using pre-made statements for SQL queries, and conducting regular security testing to identify potential vulnerabilities.

Uploaded by

ammarmohamem

Select a type of vulnerability:

• SQL Injection
• A common vulnerability is where the attacker changes database queries by “injecting” harmful SQL scripts into the data fields.

Discuss how the vulnerability impacts computer systems.

• Using SQL Injection, attackers can steal information such as passwords and records.
• Attackers can also change or delete data.
• This vulnerability can crash the system, stopping the service and causing its disruption.

Describe the reasons behind that vulnerability.


• Not cleaning up user input and using it directly to build SQL queries (UC Berkeley, 2024).
• The lack of pre-made (prepared) statements, which are safe and don’t cause SQL errors.

Explain the countermeasures that can be effectively used to mitigate or prevent major damages caused by that vulnerability.

• Input validation: The system must make sure that all user inputs are strictly checked to accept only the expected data types.
• Pre-made (prepared) statements: Create SQL queries that are kept separate from user input to block malicious injections.
• Regular Security Testing: Conduct regular penetration tests to test for any vulnerabilities that can be exploited by SQL Injections (CloudFlare, 2024).

References
UC Berkeley, 2024, How to Protect Against SQL Injection Attacks | Information Security Office (berkeley.edu)
CloudFlare, 2024, How to prevent SQL injection | Cloudflare
