Advice on how to protect websites against such attacks included

Aug 6, 2012 18:11 GMT

SQL Injection attacks are highly common these days, but how many users actually know how such attacks are pulled off? Veracode’s Senior Security Researcher Ryan O'Boyle explains the concept in a short video.

“If an attacker is creating a SQL Injection attack, they will actually build malicious SQL statements that are designed to be executed along with the SQL statements that the site would be performing normally,” O’Boyle explained.

He also details the damage that can be caused by an attack that leverages an SQL Injection vulnerability.

Finally, he offers some great advice on how to protect a website against such attacks. The best practices recommended by the researcher include the use of parameterized statements, user input validation, and low privileges for database accounts.
