SQL Injection Web Attack (Live Demo for AppSec)

Published: 16 February 2025
on the channel: Fortify Unplugged

Websites can still be hacked using SQL injection - websites written in PHP (and other languages, too) can be vulnerable and have basic security issues.

We’ll share how we can hack applications with SQL Injection and why application security is important. The demonstration begins with a look at source code, then a live web attack using SQL Injection.

What is SQL Injection:
• SQL Injection is one of the top web application security risks—it’s the top risk in the OWASP Top 10 (2017).
• Injection flaws can be introduced whenever data from an untrusted source is sent to an interpreter. Examples are often found in SQL, LDAP, XPath or NoSQL dynamic database queries built from user-supplied input. Attackers place code in the user input, tricking the query interpreter into executing malicious commands.

Tips for stopping SQL Injection:
• Use prepared statements (with parameterized queries)
• Utilize stored procedures
• Leverage whitelist input validation
• Escape all user supplied input
• Use frameworks that have built-in injection protection
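As an added example (not code from the video or from Fortify), the concatenated query the demo warns about sits beside its prepared-statement fix, plus a whitelist check for a column name, which cannot be bound as a parameter. It is written in Python with sqlite3 so it runs stand-alone rather than in the PHP the demo uses; the users table and its rows are constructed here.

```python
import sqlite3

# Whitelist for an identifier that has to be interpolated into SQL text.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def make_db():
    # Constructed in-memory table standing in for the demo app's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    # Vulnerable pattern: untrusted input is pasted into the SQL text, so the
    # interpreter cannot tell data from query structure. A quote in the input
    # (even a legitimate name like o'brien) breaks or rewrites the query.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Prepared statement with a bound parameter: the driver sends the value
    # as data, so quotes or operators inside it never change the query.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_sorted(conn, sort_column):
    # Identifiers such as column names cannot be bound as parameters, so the
    # defence here is whitelist validation before the value touches the SQL.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("sort column not permitted: %r" % sort_column)
    rows = conn.execute("SELECT username FROM users ORDER BY " + sort_column).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    print(find_user_unsafe(conn, "alice"))          # the one matching row
    print(find_user_unsafe(conn, "' OR '1'='1"))    # every row: the query was rewritten
    print(find_user_safe(conn, "' OR '1'='1"))      # []: treated as a literal username
    print(find_user_safe(conn, "o'brien"))          # the quote is just data
    print(list_users_sorted(conn, "username"))
```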

Timestamps:
SQL Injection explainer 01:17
SQL Injection demo begins 03:52
How to stop SQL Injection 07:28
How Fortify helps you stop SQL Injection 07:54
About Fortify 08:24

LEARN MORE about Fortify: https://software.microfocus.com/en-us...

LEARN MORE about how Micro Focus was named a leader in the 2019 Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us...

SUBSCRIBE TO FORTIFY UNPLUGGED:    / @fortifyunplugged