From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 1 Security Concepts and Network Security


SQL injection

- [Instructor] We've previously mentioned SQL injection as a common type of threat against our network resources. So here, I want to expand on that just a bit and take a practical look at how that happens. SQL injection is a technique used to attack a web server by entering portions of valid SQL statements in a form entry field in an attempt to get the website to pass this command into the database. This will potentially allow the attacker to see the contents of the database displayed in the browser itself. The actual vulnerability is caused by errors in the programming code. When a website or web application does not validate or filter the entry values being put into a web form before attempting to execute the entry, this is what allows for circumstances where malicious code can be run and a database compromised. Now, here, I'm running an instance of DVWA in Kali Linux so that we can take a look at this in action. This is a practice SQL web application that you can use for free…
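The coding error described in the transcript, shown beside its fix, as an added example that is not part of the course material or of DVWA. The `users` table, its rows, the function names and the `CRAFTED` value are all constructed for illustration, and SQLite stands in for the web application's database.

```python
import re
import sqlite3

# Constructed form value: a fragment of valid SQL instead of a plain id.
CRAFTED = "1' OR '1'='1"

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Ada", "Admin"), (2, "Bob", "Builder"), (3, "Cy", "Clerk")])
    return db

def lookup_unsafe(db, user_id):
    """Vulnerable: the form value is concatenated into the statement text,
    so the database parses whatever the user typed as SQL."""
    query = ("SELECT first_name, last_name FROM users "
             "WHERE id = '" + user_id + "'")
    return db.execute(query).fetchall()

def lookup_bound(db, user_id):
    """Parameter binding: the value travels separately from the statement
    and is only ever compared as data, never parsed as SQL."""
    return db.execute("SELECT first_name, last_name FROM users WHERE id = ?",
                      (user_id,)).fetchall()

def lookup_safe(db, user_id):
    """Binding plus validation: reject anything that is not a plain
    ASCII integer before the database is touched."""
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        raise ValueError("id must be a number")
    return lookup_bound(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal id :", lookup_unsafe(db, "1"))
    print("unsafe, crafted   :", lookup_unsafe(db, CRAFTED))   # every row comes back
    print("bound, crafted    :", lookup_bound(db, CRAFTED))    # no rows match
    try:
        lookup_safe(db, CRAFTED)
    except ValueError as err:
        print("validated, crafted: rejected,", err)
```

The same pair of calls works as a regression check: any lookup that returns more than one row for a single-id request is building its query by concatenation.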
