From the course: CompTIA Security (SY0-701) Cert Prep: 2 Threats, Vulnerabilities, and Mitigations
Preventing SQL injection
- [Instructor] SQL injection attacks prey upon the fact that many modern dynamic web applications rely upon underlying databases to generate dynamic content. For example, a web application that relies upon a simple database-driven authentication mechanism might store unencrypted user passwords in a database, and then when a user attempts to log in, the application retrieves the correct password from the database and compares it to the user's input. If the passwords match, the user is successfully logged into the system. Now, this is not a good way to implement password authentication, but it's the reality of how many websites work. In this type of scenario, the web server requests the password from the database using a query written in the Structured Query Language, or SQL. SQL is simply the language used by relational databases that allows users and applications to create, update, delete, and retrieve data, and you won't…