SQL Injection

Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of overelevated permissions, unsanitized/untyped user input, and/or true software (database) vulnerabilities. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often much more complicated than simply applying a security patch.
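To make the "unsanitized/untyped user input" point concrete, here is an added example (not code from the paper) using Python's built-in sqlite3 module and a constructed in-memory users table: a lookup that splices the input into the statement text, beside a parameterized lookup and a type-checked lookup that treat the same input strictly as data.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the paper).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Unsanitized, untyped input is spliced into the statement text, so the
    # input can change the query's structure rather than only its data.
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the value travels separately from the statement, so
    # whatever the input contains it is compared as a literal string.
    return conn.execute("SELECT id, name, role FROM users WHERE name = ?",
                        (name,)).fetchall()

def lookup_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    # Typed input: reject anything that is not an integer before it reaches
    # SQL, and still bind it as a parameter (defense in depth).
    try:
        user_id = int(raw_id)
    except ValueError:
        return []
    return conn.execute("SELECT id, name, role FROM users WHERE id = ?",
                        (user_id,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    hostile = "nobody' OR '1'='1"          # classic tautology input
    print("vulnerable:   ", lookup_vulnerable(db, hostile))      # every row
    print("parameterized:", lookup_parameterized(db, hostile))   # no rows
    print("typed id:     ", lookup_by_id(db, "2 OR 1=1"))        # rejected
```

Because the vulnerable query runs with whatever rights the application's database account has, the rows it leaks (or the statements it can be made to run) are bounded only by that account's privileges, which is why the paper lists overelevated permissions alongside input handling.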

This paper provides background about SQL injection, helps users understand more about detection, and provides guidance about best practices to minimize the risks associated with this attack vector.

sql200901.pdf

