"SQL injection is a technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Michael Coles, "Pro T-SQL 2008 Programmer's Guide", 2008)
"A security vulnerability that occurs in the persistence/database layer of a Web application. This vulnerability is derived from the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities based on poor input validation and bad design that can occur whenever one programming or scripting language is embedded inside another." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)
"A form of Web hacking whereby SQL statements are specified in a Web form to expose data to the attacker." (Craig S Mullins, "Database Administration", 2012)
"SQL injection is a technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Jay Natarajan et al, "Pro T-SQL 2012 Programmer's Guide 3rd Ed", 2012)
"The process of manipulating a web application to run SQL commands sent by an attacker." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition, 2nd Ed.", 2013)
"A technique that exploits security vulnerabilities in the application layer and middle tier, allowing users to execute arbitrary SQL statements on a server." (Miguel Cebollero et al, "Pro T-SQL Programmer’s Guide 4th Ed", 2015)