What is an SQL Injection?
SQL Injection refers to the exploitation of an SQL database vulnerability caused by the lack of masking or validation of meta-characters in user input. The attacker attempts to inject their own database commands through the application, which has access to the database.
As the request is not validated correctly, the inserted code changes the original SQL commands and therefore alters the results in favor of the attacker.
An SQL injection allows an attacker to run arbitrary SQL code in the database, which may allow them to retrieve, change or delete data from the database. In some cases, even total control of the server that runs the database is possible.
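The mechanism described above, shown as an added example that is not part of the original page or of the Crashtest Security Suite: the same lookup written once with user input pasted into the SQL text and once with a bound parameter. The in-memory SQLite table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret"),
         ("o'brien", "obrien-secret")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # User input is concatenated into the SQL text. A quote character in
    # `name` ends the string literal, and whatever follows is parsed as SQL.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # The ? placeholder passes `name` as a bound value. The structure of
    # the statement is fixed before the input is ever looked at.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    # Constructed input containing quote meta-characters.
    crafted = "nobody' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, crafted))  # every row
    print("safe:      ", lookup_safe(conn, crafted))        # no rows
    # A legitimate name with an apostrophe also breaks the concatenated
    # query, which is often the first visible symptom of the flaw.
    try:
        lookup_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable lookup failed:", exc)
    print("safe:      ", lookup_safe(conn, "o'brien"))
```

With the bound parameter the crafted string is compared as a literal name and matches nothing, while the concatenated version returns rows the caller never asked for.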
How the Crashtest Security Suite helps you
The Crashtest Security Suite discovers injection attack vulnerabilities within your web application and shows you where these problems exist. Additionally, our own security wiki shows you how to efficiently remediate the vulnerability. Check out the article on SQL Injections for more details!
Not sure if you have SQL Injection vulnerabilities on your website? Do a Quick Scan to find out!