Structured Query Language (SQL) Injection

Almost all websites today are powered by databases on the server. Structured Query Language (SQL) injection is an attack which exploits these databases.

The attack

Structured Query Language (SQL) is a language used to access databases.
SQL injection is a form of active attack that exploits SQL execution on web servers.
Attackers 'inject' specially formatted code into fields in the website, which when run on the server allow them to bypass login screens or damage the data kept on the server.

Protection against SQL injection

Input validation sets username and password rules that don't permit the character needed to write SQL code.
Input sanitation inspects the user's input and removes SQL command words from the input before it is processed.
User access levels can be set up to prevent the web server from altering the contents of the database.

1Computer Systems

1.1Data Representation

1.1.1Binary Numbers

1.1.2Negative Binary Numbers

1.1.3Hexadecimal

1.1.4Using Hexadecimal

1.1.5Converting Binary & Hexadecimal

1.1.6Converting Denary & Hexadecimal

1.1.7Capacity

1.1.8Calculating Capacity Requirements

1.1.9Binary in Computer Systems

1.1.10Data Compression

1.1.11Run Length Encoding

1.1.12File Formats

1.2Data Transmission

1.2.1Packet Switching

1.2.2Data Transmission

1.2.3Universal Serial Bus (USB)

1.2.4Parity Check

1.2.5Checksum & Echo Checks

1.2.6Encryption

1.3Hardware

1.4Software

1.4.1Operating Systems

1.4.2Interrupts

1.4.3High-Level Languages

1.4.4Low-Level Languages

1.5The Internet & its Uses

1.5.1The Internet

1.5.2Uniform Resource Locators (URLs)

1.5.3DNS

1.5.4HTML

1.5.5Cookies

1.5.6Web Hosting

1.5.7Digital Currency

1.6Cyber Security

1.6.1Forms of Attack

1.6.2Penetration Testing

1.6.3Types of Malware

1.6.4How Malware Spreads

1.6.5Protecting Against Malware

1.6.6Information Security

1.6.7Structured Query Language (SQL) Injection

1.6.8Firewalls

1.6.9Authentication: User Access Levels

1.6.10Authentication: Passwords

1.6.11Social Engineering

1.6.12Phishing

1.6.13Denial of Service Attacks

1.7Automated & Emerging Technologies

1.7.1Automated Systems

1.7.2Robotics

1.7.3Artificial Intelligence

2Algorithms, Programming & Logic

2.1Algorithm Design & Problem Solving

2.1.1Computational Thinking - Abstraction

2.1.2Computational Thinking - Decomposition

2.1.3Computational Thinking - Algorithmic Thinking

2.1.4Pseudocode

2.1.5Flow Diagrams

2.1.6Interpreting, Correcting & Completing Algorithm

2.1.7Correcting Algorithms

2.1.8Completing Algorithms

2.1.9Testing

2.1.10Types of Testing

2.1.11Test Plans

2.1.12Validation & Sanitation

2.1.13Authentication & Contingencies

2.2Programming

2.2.1Programming Fundamentals - Variables & Constants

2.2.2Programming Fundamentals - Comments

2.2.3Programming Fundamentals - Input & Output

2.2.4Data Types

2.2.5Casting

2.2.6Controlling Program Flow - Sequence

2.2.7Controlling Program Flow - Selection

2.2.8Controlling Program Flow - Iteration

2.2.9Modularity - Subroutines

2.2.10Modularity - Scope

2.2.11Arrays

2.3Databases

2.3.1Structuring Data - Records

2.3.2Structuring Data - Databases

2.3.3SQL

2.4Boolean Logic

2.4.1Binary Systems

2.4.2Logic Circuits

2.4.3Truth Tables

2.4.4Evaluating Expressions

2.4.5Boolean Operators

2.4.6End of Topic Test - Logic

Jump to other topics