A comprehensive set of flashcards covering Lecture 10 topics: HTTP basics, database structure, SQL commands, SQL Injection mechanics, real-world breaches, impacts, and defenses.
What web security feature does CORS relax?
The same-origin policy, by allowing cross-origin resource sharing for whitelisted domains.
Which protocol enables browsers and servers to exchange data in a request-response model?
HTTP (Hypertext Transfer Protocol).
Which HTTP method is typically used to request data without changing server state?
GET.
Which HTTP method is used to submit data, such as form information, to a server?
POST.
In an HTTP request, which header specifies the target domain?
Host.
During a web request that needs database data, what is constructed after the web server parses the request?
An SQL query.
Define an SQL Injection (SQLi) attack.
Insertion of malicious SQL code into application queries due to improper input validation, letting attackers manipulate the database.
Why can SQL Injection occur with both GET and POST requests?
Because user input from either method can be concatenated into SQL statements by the application.
List the three main components of a database system.
Data, Database Management System (DBMS), and Database Applications.
What kind of database organizes data into tables with rows and columns?
A relational (SQL) database.
Approximately what percentage of Fortune 500 companies use SQL databases?
About 90 %.
What market share does SQL hold in the $63 B DBMS market (Gartner 2023)?
Roughly 80 %.
In a relational table, what are rows (records)?
Individual entries containing all information about a specific item.
What is a primary key?
A column (or set of columns) that uniquely identifies each row and cannot be NULL.
What is a foreign key?
A column that references a primary key in another table to enforce referential integrity.
What does SQL stand for?
Structured Query Language.
Which SQL command creates a new table?
CREATE TABLE.
Which SQL command inserts a new row?
INSERT INTO.
Which SQL command retrieves data from one or more tables?
SELECT.
Which SQL command modifies existing data?
UPDATE.
Which SQL command removes rows from a table?
DELETE.
In a typical web stack, which layer usually holds prepared statements or ORM queries?
The Data Access Layer.
What does the malicious input "admin' --" do in the example login query?
Closes the string and comments out the rest, bypassing the password check.
Name the three main types of SQL Injection attacks.
Classic (in-band), Error-based, and Blind SQL Injection.
According to OWASP 2023, what percentage of web-app vulnerabilities involve SQLi?
42 %.
Give one potential impact of SQL Injection.
Data breach, data loss/corruption, denial of service, system compromise, or reputational damage.
What is the principle of least privilege in database security?
Grant each database account only the permissions absolutely necessary for its tasks.
Why are prepared statements effective against SQLi?
They keep user input separate from SQL code, preventing injection.
In MySQL, what does the symbol # do inside a query?
Starts a comment; everything after it on the line is ignored.
What happens when "admin'; DELETE FROM credential WHERE name='Alice'; #" is submitted as the username?
The injected DELETE statement runs and removes Alice’s record from the credential table.
Which real-world 2009 incident involved a massive payment-data breach?
The Heartland Payment Systems data breach.
Which 2011 incident compromised the Sony PlayStation Network?
The Sony PlayStation Network data breach.
Why is a SHA1 hash used in the password-change injection example?
To set Boby’s password to a hashed value, enabling login with the new plaintext password.
In MySQL, which command lists all databases?
SHOW DATABASES;
Which command selects a specific database for use?
USE database_name;
Which command lists all tables within the current database?
SHOW TABLES;
What does the query "SELECT * FROM credential WHERE name='Alice';" do?
Retrieves all columns for the row where the name is Alice.
What are two key defenses against SQL Injection besides prepared statements?
Input validation/sanitization and regular security testing (code review, vulnerability scanning, penetration testing).