
Direct Database Access SQL Injection (Database Hacking)

SQL injection usually takes advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers exploit the fact that programmers often chain together SQL commands with user-provided parameters, which lets them embed SQL commands inside those parameters. As a result, the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. In this example, the database is attacked directly by a non-privileged user through direct interaction with the database, not through a Web application.
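The difference between chaining a parameter into the SQL text and binding it as data, shown as an added example that is not code from the video or from Imperva. It assumes an in-memory SQLite database, and the `accounts` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75), ("o'brien", 30)])
    return db

def lookup_concatenated(db, owner):
    # Vulnerable pattern described above: the parameter is chained into the
    # statement text, so quote characters in it change the statement's structure.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Hardened form: the statement text is fixed and the value is passed as a
    # bound parameter, so it is only ever compared as data.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def compare(db, owner):
    # Run both forms on the same input. A syntax error from the concatenated
    # form is reported as a string; it is the same defect surfacing on
    # legitimate input that happens to contain a quote.
    try:
        concatenated = lookup_concatenated(db, owner)
    except sqlite3.OperationalError as exc:
        concatenated = "error: " + str(exc)
    return concatenated, lookup_bound(db, owner)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a name containing a quote, and a value
    # that closes the string literal and appends an always-true condition.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        concatenated, bound = compare(db, value)
        print(repr(value))
        print("  concatenated:", concatenated)
        print("  bound:       ", bound)
```
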


Tags: Attack Method, Direct Database Access SQL Injection, SQL Injection, Web Application Security, Database Security