SQL Injection


What is SQL Injection?

One of the most serious application security problems, SQL injection is a commonly deployed hacking technique that exploits a security vulnerability in SQL queries. This vulnerability occurs whenever a developer takes untrusted data (such as something submitted in a URL or a web form) and concatenates it into a database query. The attacker can then embed characters to control that query, changing its meaning and gaining access to records, or in some cases compromising an entire database server through command execution.

By taking control of the way a SQL statement is constructed and executes, the SQL injection attacker can steal data, corrupt a database, spoof identities, tamper with transactions, disclose sensitive information, and even become administrator of the database server. The SQL injection attack has been well understood for over 20 years, and it has headlined the OWASP Top Ten for 14 years.
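As an added illustration (not code from the original page), the defect described above in Python against an in-memory SQLite database: the same lookup written once with string concatenation and once with a bound parameter. The table, its rows and both inputs are constructed for the demo.

```python
import sqlite3

# Constructed sample data standing in for an application's user table.
SAMPLE_USERS = [("alice", "s3cret-a"), ("bob", "s3cret-b")]


def make_db():
    """Create an in-memory database holding a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, username):
    """Vulnerable: untrusted input is concatenated into the SQL text, so a
    quote character in the input changes the structure of the query."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Hardened: the SQL text is fixed and the input is bound as a value,
    so it is compared as data and never parsed as query syntax."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups with a benign and a quote-bearing input."""
    conn = make_db()
    benign = "alice"
    # Constructed input: the leading quote closes the developer's string
    # literal and the rest appends an always-true condition.
    hostile = "' OR '1'='1"
    return {
        "concat_benign": lookup_concatenated(conn, benign),
        "concat_hostile": lookup_concatenated(conn, hostile),
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated query returns every row for the quote-bearing input, while the parameterized one returns nothing because no user is literally named `' OR '1'='1`.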

Contrast Community Edition

Release Secure Software Faster... No Security Expertise Needed!

Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (and .NET Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.
