SQL Injection Presentation

SQL INJECTION

All the key facts

Start

01

What is a SQL injection attack?

A SQL injection attack is a type of cybersecurity attack that targets databases by using specifically crafted SQL statements to trick the systems into giving the cybercriminals access to databases.

It is one of the most threatening types of attack because it can potentially be used agains any web application or website that uses an SQL-based database.

02

Goals of the attack

SQL Injection attacks can happen for many reasons. Hackers and cybercriminals may use SQL injection attacks to infiltrate an organisation's databases, in order to access personal and private information. Attackers may also use SQL injection attacks to change data in the databases. For example, an attacker may change data in the databases to transfer money into their accounts.

Furthermore, if attackers have access to user's personal and private information, they may use the information to commit identity fraud. This could lead to more attacks and other consequences.

03

How to detect

SQL Injections can be detected, which can allow organisations to act fast and help prevent the attack. Organisations can look at server logs and can also monitor database errors to see if there are any errors that could be linked to a SQL injection attack

04

How to prevent

Organisations and companies are able to prevent SQL injections for attacking their databases.One possible way would be to avoid placing user-provided inpits directly into SQL statements. Companies and organisations should also encrypt private/confidential data that is currently being stored in databases.

They may also limit database permissions and privileges, and use a Web Application Firewall for web applications that access databases.