top of page
  • Writer's pictureNexix Security Labs

Understanding SQL Injection


SQLi

What is SQL Injection (SQLi)?


SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to database. The attacker can create input content, such content is often called a malicious payload. After the attacker uploads this content, malicious SQL commands are executed in the database. It generally allows an attacker to see data that they are not allowed to access. This data might be personal information of users, or any other data that application itself is able to access.


How dangerous are SQL Injections?


A successful SQL injection attack may compromise a system or the entire database, information such as passwords, credit card details, or personal user information can be exfiltrated. Many high-profile data breaches in recent years have been the result of SQL injection attack, leading to reputational damage.


Types of SQL Injections


SQL injection can be classified into three major categories

  1. In-band SQLi

  • Error-based SQLi

  • Union-based SQLi

2. Inferential SQLi

  • Boolean-based Blind SQLi

  • Time-based Blind SQLi

3. Out-band SQLi


How to detect SQL Injections


SQL injection can be detected manually by using a systematic set of tests against every entry point in the application and also can be done by using automation tools such as DAST tool (Dynamic Application Security Testing), Burp suite, etc. The majority of SQL injection vulnerabilities can be found quickly by using Burp Suite’s Web Vulnerability Scanner.


Need your application to be trusted by millions? Contact us regarding application security testing at contact@nexixsecuritylabs.com


Your Security | Our Concern



28 views

Recent Posts

See All

How to use web-extension cautiously

The internet has come a long way since its first workable prototype was introduced in 1960s. Since then, the world has seen many...

Comments


bottom of page