SQL Injection

Original release date: June 22, 2012 | Last revised: February 06, 2013

Overview

Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized or untyped user input, and/or true software (database) vulnerabilities. Because SQL injection is possible even when no traditional software vulnerability exists, mitigation is often much more complicated than simply applying a security patch.

This paper provides background about SQL injection, helps users understand more about detection, and provides guidance about best practices to minimize the risks associated with this attack vector.
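The three ingredients the overview names, over-elevated permissions, unsanitized input and untyped input, each have a hardened counterpart that can be shown in a few lines. The following is an added example written for this page, not code from the US-CERT paper; it uses Python's standard-library sqlite3 module, and the table, rows, and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data, not taken from the original document.
# The second name contains an apostrophe: a legitimate value that a
# string-spliced query cannot handle, while a bound parameter can.
USERS = [
    (1, "alice", "alice@example.invalid"),
    (2, "O'Brien", "obrien@example.invalid"),
]


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Unsanitized input: the value is spliced into the SQL text, so the
    database parser reads it as part of the statement rather than as data."""
    sql = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Hardened form: the value travels as a bound parameter and is never
    parsed as SQL, whatever characters it contains."""
    sql = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lookup_by_id(conn, raw_id):
    """Typed input: coerce to int before the value reaches the database, so a
    non-numeric id is rejected at the application boundary."""
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    sql = "SELECT id, name, email FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def restrict_to_reads(conn):
    """Least privilege for the connection the web tier uses: SQLite's
    query_only pragma refuses every write on this connection, so a
    subverted statement cannot change data."""
    conn.execute("PRAGMA query_only = 1")
    return conn


def write_is_blocked(conn):
    """Return True when an INSERT through the read-restricted connection is refused."""
    try:
        conn.execute("INSERT INTO users VALUES (3, 'mallory', 'm@example.invalid')")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run each lookup against the sample data and collect what happened."""
    conn = make_db()
    out = {}
    out["param"] = lookup_param(conn, "O'Brien")          # bound parameter: correct row
    try:
        out["concat"] = lookup_concat(conn, "O'Brien")    # spliced text: the quote breaks the SQL
    except sqlite3.OperationalError as exc:
        out["concat"] = "rejected by parser: %s" % exc
    out["typed"] = lookup_by_id(conn, "2")                # typed id: correct row
    try:
        lookup_by_id(conn, "abc")                         # non-integer id never reaches the database
        out["typed_reject"] = False
    except ValueError:
        out["typed_reject"] = True
    out["write_blocked"] = write_is_blocked(restrict_to_reads(conn))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated lookup fails on an ordinary name with an apostrophe because the apostrophe is interpreted as SQL syntax; that same parsing step is what injection relies on, and the bound-parameter form removes it entirely. The id check and the read-only connection address the other two ingredients: input validated by type at the application boundary, and a database account that cannot write even if a statement is subverted.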
