Wednesday, May 6, 2020

SQL Injection Is A Web Application Security Vulnerability

Background of SQL Injection

SQL injection is a web application security vulnerability in which an attacker submits a database SQL command that the web application executes, exposing the back-end database. SQL injection has been described as one of the most critical threats to web applications: a vulnerable application can allow an attacker to gain complete access to the underlying database, and organizations are breached by SQL injection attacks that slip through the firewall over ports such as port 80 (HTTP) or 443 (SSL) to internal networks and vulnerable databases. These databases often contain sensitive user information, and a breach can result in security violations such as loss of confidential information, identity theft…

SQL Injection Process

In a SQL injection attack, the attacker adds SQL statements through a web application's input fields and hidden parameters in order to access resources. The lack of input validation in the web application is what allows the attacker to expose the database. The figure below shows the process of SQL injection. First, the attacker sends a malicious HTTP request to the web application, and the SQL statement is created and then submitted to the back-end database.

Cause of SQL Injection

The causes of SQL injection vulnerabilities are simple and rather well understood; the most common is unvalidated input. Some parameters in web applications are used in SQL queries, so if nothing checks them, they can be abused for SQL injection. In this case, attackers are able to inject SQL commands by providing suitably crafted user input. Besides that, web applications can also read user input in ways that depend on the environment in which the application is deployed.
Most SQL injection attacks that target user input come from form submissions, which are sent to the web application by HTTP POST or GET requests. Another injection mechanism that can lead to SQL injection is cookies. Cookies are small pieces of data that are sent from
