16 March 2009

DBMS: SQL Injection (Definitions)

"SQL injection is a technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Michael Coles, "Pro T-SQL 2008 Programmer's Guide", 2008)

"A security vulnerability that occurs in the persistence/database layer of a Web application. This vulnerability is derived from the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities based on poor input validation and bad design that can occur whenever one programming or scripting language is embedded inside another." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"A form of Web hacking whereby SQL statements are specified in a Web form to expose data to the attacker." (Craig S Mullins, "Database Administration", 2012)

"SQL injection is a technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Jay Natarajan et al, "Pro T-SQL 2012 Programmer's Guide 3rd Ed", 2012)

"The process of manipulating a web application to run SQL commands sent by an attacker." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition, 2nd Ed.", 2013)

"A technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Miguel Cebollero et al, "Pro T-SQL Programmer’s Guide 4th Ed", 2015)
