SQL injection is a type of web hacking that requires a web-based application which
is connected to a back-end database, and it might just work even if the admin is patch-happy.
It attacks the web application itself (ASP, JSP, PHP, CGI, etc.) rather than
the web server or the services running in the OS.
What is SQL Injection?
It is a trick to inject an SQL query/command as input, possibly via web pages. Many web
pages take parameters from the web user and make an SQL query to the database. Take, for
instance, a user login: the web page takes the user name and password and makes an SQL query
to the database to check whether the user has a valid name and password. With SQL injection, it is
possible for us to send a crafted user name and/or password field that will change the SQL
query and thus grant us something else.
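
The login check described above, as an added example that is not part of the original page: the query built by string concatenation sits beside the parameterized form that fixes it. The table, the account and the function names are assumptions made for the illustration, and the sample input is constructed.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table (plaintext password only to keep
    the demonstration short; real applications store password hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def build_query_concat(name, password):
    # Weak pattern: the user's input becomes part of the SQL text itself,
    # so a quote character in a field can end the string literal early.
    return ("SELECT COUNT(*) FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concat(db, name, password):
    """Login check using the concatenated query (vulnerable)."""
    return db.execute(build_query_concat(name, password)).fetchone()[0] > 0

def login_param(db, name, password):
    """Login check using placeholders (hardened): the driver passes the
    values as data, so they can never change the structure of the query."""
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed sample of a crafted password field
    # Show how the crafted field rewrites the WHERE clause.
    print(build_query_concat("alice", crafted))
    print("concatenated query accepts it: ", login_concat(db, "alice", crafted))
    print("parameterized query accepts it:", login_param(db, "alice", crafted))
```
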