Saturday, June 30, 2012

Knowing SQL Injection


Knowing SQL Injection is yet another common vulnerability that is the result of lax input valida-tion. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any num-ber of actions, from retrieving alternate data, to modifying or removing information from the database. download tutorial SQL Injection here