# SQL Injection (Day 3)
# What is SQL injection?
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
# What are the 3 methods by which SQL injection can be done?
SQL injections typically fall under three categories: In-band SQLi (Classic), Inferential SQLi (Blind) and Out-of-band SQLi. SQL injection types can be classified by the method they use to access backend data and by their damage potential.
# How can we detect and sanitize SQL injection attacks?
A web application firewall (WAF) can detect and block basic SQL injection attacks. Intrusion detection systems (IDS), both network- and host-based, can be tuned to detect SQL injection attacks. Network-based IDSes can monitor all connections to your database server, and flag suspicious activity. Any input to your web application database should be considered untrustworthy and treated accordingly.
# Afternoon Challenge
It was supposed to be Amazen, but most of the class, including myself, started working on whiteboard challenges and had a mini discussion with Jake and Mark.