These flashcards cover key vocabulary and concepts related to SQL Injection, its characteristics, comparison with XSS, and prevention methods.
SQL Injection
A type of attack that consists of inserting or ‘injecting’ a SQL query via input data from the client to the application.
Structured Query Language (SQL)
A specialized language used to handle structured data that follows a relational model and interact with relational databases.
Relational Model
A data model that incorporates relations among entities and variables, which SQL is designed to manage.
Injection Attack
An attack where an attacker inserts malicious SQL statements into a query through user input fields.
In-band SQL Injection
A type of SQL injection that uses the same communication channel for the attack and the results.
Blind (Inferential) SQL Injection
A SQL injection technique that infers database information by observing the application's response without retrieving direct results.
Out-of-band SQL Injection
A method of SQL injection that exfiltrates data through a different channel than the one used for the attack.
Prepared Statements
A programming feature used to prevent SQL injection by ensuring user input is not treated as executable SQL code.
Cross-Site Scripting (XSS)
A security vulnerability where an attacker injects malicious scripts into webpages viewed by users, leading to various attacks.
Defacement
An attack where an attacker alters web page content to display their own message or content.